| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.836 - 2.841 |
| Coverage Release Date | Jul 19, 2010 - Jul 29, 2010 |
| Published Date | Monday, August 02, 2010 |
| Version # | 1 |
| Severity | Number of Vulnerabilities | Active Exploitation |
| Critical | 15 | 2 |
| High | 18 | 3 |
| Medium | 4 | 2 |
| Low | 1 | - |
| Info | - | n/a |
| Total | 38 | 7 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 7 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.841 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 8 )
Description: This indicates an attack attempt against a buffer-overflow vulnerability in CastRipper.
The vulnerability is caused by an error when the vulnerable software handles a malicious .pls playlist file. It allows a remote attacker to execute arbitrary code by sending a crafted .pls file to the user.
Affected Products: CastRipper version 2.50.70. Other versions may also be affected.
Reference IDs:
Description: This indicates an attack attempt against a cross-origin-bypass vulnerability in Google Chrome web browser.
The vulnerability is caused by an error when the Google URL Parsing Library handles a specially crafted Google URL (GURL). It allows a remote attacker to bypass the Same Origin Policy.
Affected Products: Google Chrome 4.1.249.1059, 4.1.249.1036, 4.1.249.1045, 4.1.249.1042, 4.0.249.89 and 4.0.249.78
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in the HP OpenView Network Node Manager (NNM) program ovwebsnmpsrv.exe.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request sent to the jovgraph.exe CGI application. It allows a remote attacker to execute arbitrary code.
Affected Products: HP OpenView Network Node Manager 7.53
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in the IMAP service in NetWin SurgeMail.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted argument to the LSUB command. It allows a remote attacker to execute arbitrary code.
Affected Products: NetWin SurgeMail 3.8k4
Reference IDs:
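A signature for this class of bug looks for an LSUB command whose reference or mailbox argument is far longer than any legitimate client would send. The following is an added example, not NetWin or FortiGuard code, of such a pre-filter run over constructed IMAP client lines. The 256-byte threshold is an assumption chosen for illustration; the check also flags an announced literal ({n}) whose declared size exceeds the threshold, so the oversized data is refused before it is read.

```python
import re

# Assumed alerting threshold (bytes); not taken from the bulletin.
MAX_LSUB_ARG_LEN = 256

# IMAP literal announcement: {n}, or the non-synchronising form {n+}
_LITERAL_RE = re.compile(r"^\{(\d+)\+?\}$")


def tokenize_imap(line):
    """Split one IMAP client line into tag, command and argument tokens.

    Handles atoms, double-quoted strings (with backslash escapes inside
    them) and literal announcements, which are kept in their raw '{n}'
    form so the caller can read the declared size.
    """
    tokens = []
    i, n = 0, len(line)
    while i < n:
        c = line[i]
        if c == " ":
            i += 1
        elif c == '"':
            j = i + 1
            buf = []
            while j < n and line[j] != '"':
                if line[j] == "\\" and j + 1 < n:
                    j += 1          # keep the escaped character
                buf.append(line[j])
                j += 1
            tokens.append("".join(buf))
            i = j + 1               # skip the closing quote
        else:
            j = i
            while j < n and line[j] != " ":
                j += 1
            tokens.append(line[i:j])
            i = j
    return tokens


def declared_length(token):
    """Number of bytes the server will have to buffer for this argument."""
    m = _LITERAL_RE.match(token)
    return int(m.group(1)) if m else len(token)


def check_lsub(line, limit=MAX_LSUB_ARG_LEN):
    """Return an alert dict if `line` is an LSUB whose argument exceeds
    `limit`, otherwise None. Commands other than LSUB are ignored."""
    toks = tokenize_imap(line.rstrip("\r\n"))
    if len(toks) < 2 or toks[1].upper() != "LSUB":
        return None
    for idx, arg in enumerate(toks[2:]):
        size = declared_length(arg)
        if size > limit:
            return {"tag": toks[0], "arg_index": idx, "length": size}
    return None


def scan_session(lines, limit=MAX_LSUB_ARG_LEN):
    """Run check_lsub over a list of client lines and return the alerts."""
    return [a for a in (check_lsub(ln, limit) for ln in lines) if a]


# Constructed sample client traffic (not a real capture).
SAMPLE_LINES = [
    "a001 LOGIN alice secret\r\n",
    'a002 LSUB "" "*"\r\n',                    # normal subscription listing
    'a003 LSUB "" "' + "A" * 300 + '"\r\n',    # oversized quoted argument
    'a004 LSUB "" {4096}\r\n',                 # oversized literal announced
    "a005 LOGOUT\r\n",
]

if __name__ == "__main__":
    for alert in scan_session(SAMPLE_LINES):
        print(alert)
```

The tokenizer is deliberately minimal: it does not follow a literal into the next line, because the point of the check is to refuse the command on the size the client announces rather than after the server has already buffered the data.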
Description: This indicates an attack attempt against a remote code-execution vulnerability in Microsoft Windows Shell.
This vulnerability is triggered when a user browses to a folder with a specially crafted shortcut. Remote attackers may exploit this to execute arbitrary code.
Affected Products: Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista Service Pack 1 and Service Pack 2; Windows Vista x64 Edition Service Pack 1 and Service Pack 2; Windows Server 2008 for 32-bit Systems and Service Pack 2; Windows Server 2008 for x64-based Systems and Service Pack 2; Windows Server 2008 for Itanium-based Systems and Service Pack 2; Windows 7 for 32-bit Systems; Windows 7 for x64-based Systems; Windows Server 2008 R2 for x64-based Systems; Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in OPIE.
The vulnerability is caused by an off-by-one error when the vulnerable software handles a malformed username. It allows a remote attacker to execute arbitrary code.
Affected Products: Ubuntu Linux 9.04, 9.10 and 10.04; FreeBSD 8.1-PRERELEASE and previous versions
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Skype Extras Manager.
The vulnerability is caused by an error when the vulnerable software handles a specific method. It allows a remote attacker to execute arbitrary code by luring the user to a crafted web page.
Affected Products: Skype for Windows versions prior to 4.1.0.179.
Reference IDs:
Description: This indicates an attack attempt against a format-string vulnerability in VMware Remote Console (VMrc).
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTML document. It allows a remote attacker to execute arbitrary code.
Affected Products: VMware Infrastructure Client (vSphere) 4; VMware ESX Server 4.0
Reference IDs:
High ( 5 )
Description: This indicates a possible attack against a remote command-execution vulnerability in HP OpenView Performance Insight.
The vulnerability is due to the application's failure to sufficiently check user input. An attacker may exploit this to upload arbitrary .jsp files, which may then be executed remotely.
Affected Products: HP OpenView Performance Insight 5.0, 5.1, 5.1.1, 5.1.2, 5.2 and 5.4; HP Performance Insight 5.3 and 5.4
Reference IDs:
Description: This indicates a possible attack against an authentication-bypass issue in RedHat JBoss Enterprise Application Platform which could allow arbitrary .war file uploads.
Affected Products: RedHat JBoss Enterprise Application Platform 4.2 (including 4.2 EL4 and 4.2 EL5) and 4.3 (including 4.3 EL4 and 4.3 EL5)
Reference IDs:
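Both the Performance Insight and the JBoss entries come down to an upload path that accepts a file the application server will later execute or deploy. The added example below, not HP, Red Hat or FortiGuard code, is the filename check a defender would want in front of such an endpoint: an allowlist of permitted extensions, refusal of any server-executable extension anywhere in the name (so shell.jsp.txt is rejected along with shell.jsp), and refusal of path separators, NUL bytes and hidden files. The allowed set is an assumed policy for illustration, and the sample names are constructed.

```python
import unicodedata

# Assumed site policy: what the upload form is allowed to accept.
ALLOWED_EXTENSIONS = {".csv", ".txt", ".png", ".pdf"}

# Extensions a Java application server will execute or deploy.
SERVER_EXECUTABLE = {".jsp", ".jspx", ".jspf", ".war", ".ear", ".jar", ".class"}


def validate_upload_name(name):
    """Return (ok, reason) for a client-supplied filename.

    The check is deliberately strict: anything that is not a plain
    basename with exactly one allowed extension is refused.
    """
    if not name or "\x00" in name:
        return False, "empty name or NUL byte"
    # Fold look-alike characters so a fullwidth 'ｊsp' does not slip past
    name = unicodedata.normalize("NFKC", name)
    if "/" in name or "\\" in name or name in (".", ".."):
        return False, "path separator or traversal component"
    if name != name.strip() or name.endswith("."):
        return False, "leading/trailing whitespace or trailing dot"
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension or hidden file"
    exts = ["." + p for p in parts[1:]]
    if any(e in SERVER_EXECUTABLE for e in exts):
        return False, "server-executable extension present"
    if len(exts) != 1:
        return False, "multiple extensions"
    if exts[0] not in ALLOWED_EXTENSIONS:
        return False, "extension not in allowlist"
    return True, "ok"


# Constructed test names, not taken from any real incident.
SAMPLES = [
    "report.csv", "shell.jsp", "shell.jsp.txt", "backdoor.war",
    "../../webapps/ROOT/index.txt", "x\x00.jsp", ".htaccess", "Report.PDF",
]

if __name__ == "__main__":
    for n in SAMPLES:
        print(repr(n), validate_upload_name(n))
```

The name check is only one half of the fix: the stored file should also be written outside any directory the servlet container scans for deployable content, so that a name that does pass cannot reach a hot-deploy folder.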
Description: This indicates an attack attempt against a memory-corruption vulnerability in Samba.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted SMB message. It allows a remote attacker to execute arbitrary code.
Affected Products: Samba 3.3.12 and previous versions
Reference IDs:
Description: This indicates a possible attack against a buffer-overflow vulnerability in UFO: Alien Invasion, which can be exploited by setting up a malicious IRC server to execute arbitrary code on the client's system.
Affected Products: UFO: Alien Invasion 2.1.1 and earlier
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in VideoLAN's VLC Media Player.
The vulnerability is caused by an uninitialized-pointer-dereference error when the vulnerable software handles a specially crafted zip file renamed as a media file. It allows a remote attacker to execute arbitrary code.
Affected Products: VideoLAN VLC media player 1.0.6 and previous versions
Reference IDs:
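The VLC entry turns on a file whose extension claims one container while its bytes belong to another. The added example below, not VideoLAN or FortiGuard code, is a content sniffer that identifies the container from the leading bytes and reports a ZIP archive carrying a media extension as suspicious, with a generic mismatch verdict for any other disagreement between extension and content. The signature table covers a few common containers and is an assumption for illustration; the sample archive is built in memory and the media headers are constructed.

```python
import io
import os
import zipfile

# ZIP local-file, end-of-central-directory and spanned-archive signatures.
ZIP_SIGNATURES = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")

# Extension -> container the content is expected to sniff as (assumed table).
EXT_TO_CONTAINER = {
    ".mp3": "mp3", ".avi": "avi", ".wav": "wav", ".mkv": "matroska",
    ".ogg": "ogg", ".mp4": "mp4", ".m4a": "mp4", ".zip": "zip",
}


def sniff_container(data):
    """Identify the container from the first bytes of the file."""
    head = data[:12]
    if head[:4] in ZIP_SIGNATURES:
        return "zip"
    if head[:3] == b"ID3" or (len(head) >= 2 and head[0] == 0xFF
                              and (head[1] & 0xE0) == 0xE0):
        return "mp3"                      # ID3v2 tag or MPEG frame sync
    if head[:4] == b"RIFF" and head[8:12] == b"AVI ":
        return "avi"
    if head[:4] == b"RIFF" and head[8:12] == b"WAVE":
        return "wav"
    if head[:4] == b"\x1aE\xdf\xa3":
        return "matroska"                 # EBML header
    if head[:4] == b"OggS":
        return "ogg"
    if head[4:8] == b"ftyp":
        return "mp4"                      # ISO base media file
    return "unknown"


def classify(filename, data):
    """Return 'ok', 'mismatch' or 'suspicious' for a name/content pair.

    'suspicious' is reserved for the case in the bulletin: a ZIP archive
    whose name claims to be a media file.
    """
    expected = EXT_TO_CONTAINER.get(os.path.splitext(filename)[1].lower())
    actual = sniff_container(data)
    if actual == "zip" and expected != "zip":
        return "suspicious"
    if expected is not None and actual != expected:
        return "mismatch"
    return "ok"


def make_sample_zip():
    """Build a small real ZIP archive in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", b"\x00" * 64)
    return buf.getvalue()


# Constructed sample headers; zero padding stands in for the rest of the file.
SAMPLE_MP3 = b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 32
SAMPLE_AVI = b"RIFF\x00\x10\x00\x00AVI LIST" + b"\x00" * 32

if __name__ == "__main__":
    print(classify("holiday.avi", make_sample_zip()))   # suspicious
    print(classify("song.mp3", SAMPLE_MP3))              # ok
    print(classify("song.mp3", SAMPLE_AVI))              # mismatch
```

Sniffing only the first twelve bytes is enough for this check because every container in the table declares itself at the start of the file; a player that trusts the extension instead of these bytes is the behaviour the entry above describes.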
Medium ( 1 )
Description: This indicates an attack attempt against an information-disclosure vulnerability in HP Intelligent Management Center.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to obtain sensitive information.
Affected Products: 3Com Intelligent Management Center (IMC) 3.3.9 R2 606 and 3.3 SP1 R2 606
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 7 )
High ( 14 )
Medium ( 3 )
Low ( 1 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. A vulnerability with observed activity is classified as active and given a magnitude level, which reflects the rate of activity seen across the probes: low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 2 of 15 )
High ( 3 of 17 )
Medium ( 2 of 4 )
Low ( 0 of 1 )
Document History
| Revision Date | Version Number | Notes |
| Monday, August 02, 2010 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.