New Vulnerability Coverage
| Threat Type: | Multiple Vulnerabilities |
|---|---|
| IPS Definition Database Versions: | 2.486 - 2.489 |
| Coverage Release Date: | Apr 03, 2008 - Apr 10, 2008 |
| Published Date: | Wednesday, April 16, 2008 |
| Version #: | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
|---|---|---|
| Critical | 5 | 1 |
| High | 6 | 1 |
| Medium | 4 | - |
| Low | 2 | 1 |
| Info | 3 | n/a |
| Total | 20 | 3 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover
multiple vulnerabilities. The FortiGuard Team has observed
3 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at
www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the
2.489 IPS Definitions database update.
A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 2 )
Description:
This indicates an attempt to exploit an arbitrary file overwrite vulnerability in HP Software Update, shipped with many HP systems.
The vulnerability is due to a design weakness in an ActiveX component that is used to download patches and updates for HP software. A remote attacker can exploit the vulnerability by persuading a target user to open a malicious web page, which can then overwrite sensitive files on the local file system. By doing this, the attacker can corrupt the operating system and/or execute arbitrary code with the privileges of the logged-in user.
Affected Products:
HP Software Update 3.0.8.4
Reference IDs:
Description:
This indicates an attempt to exploit a buffer overflow or SQL injection vulnerability in Oracle Database.
The vulnerability is caused by an input validation error in the procedures "xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE" and "xDb.XDB_PITRIG_PKG.PITRIG_DROP". It allows remote attackers to execute arbitrary code or inject SQL statements via the first parameter of these two procedures.
Affected Products:
Oracle Database 9.2.0.8
Oracle Database 9.2.0.8DV
Oracle Database 10.1.0.5
Oracle Database 10.2.0.3
Reference IDs:
High ( 2 )
Description:
This indicates an attempt to exploit a memory corruption vulnerability in Mozilla products.
The vulnerability may allow remote attackers to steal the navigation history and cause a denial of service (crash) via images in a page that uses designMode frames. This triggers memory corruption related to resize handles.
Affected Products:
Multiple Products
Reference IDs:
Description:
This indicates an attempt to exploit a heap overflow vulnerability in Symantec VERITAS Storage Foundation.
The vulnerability is caused by a boundary error in vxvea3.dll that occurs when handling a malformed UDP packet sent to UDP port 3207 (administrator service). It allows remote attackers to cause memory corruption or execute arbitrary code via a specially crafted UDP packet.
Affected Products:
Veritas Storage Foundation 5.0
Reference IDs:
Medium ( 2 )
Description:
This indicates an attempt to exploit a file overwriting vulnerability in the Microsoft Rich TextBox ActiveX control.
The vulnerability is due to lack of path verification in the control's method SaveFile. A remote attacker can exploit this vulnerability via a specially crafted web page to create or modify arbitrary files on the target system.
Affected Products:
Microsoft Rich TextBox Control 6.0
Reference IDs:
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Yahoo! Toolbar.
The vulnerability is caused by boundary errors within the YShortcut ActiveX control component of Yahoo! Toolbar. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted webpage, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Affected Products:
Yahoo! Toolbar 1.4.1
Reference IDs:
Info ( 2 )
Description:
This indicates that an RDP client attempted to connect to a Windows Terminal Server.
Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Server. The server listens by default on TCP port 3389.
Affected Products:
Any Windows system that runs Terminal Server on the Internet is vulnerable.
Description:
This indicates that a VNC client attempted to connect to a VNC server.
VNC is free remote-control software that allows a user to view and fully interact with one computer's desktop (the "VNC server") using a simple program (the "VNC viewer") on another computer anywhere on the Internet.
Affected Products:
Any system that runs a VNC server on the Internet is vulnerable.
Reference IDs:
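The two Info-level signatures above do not describe an exploit; they flag that a remote-access service is reachable and being connected to. The script below, an added example that is not part of the Fortinet bulletin, shows the defender's side of the same idea: it reads constructed firewall flow records, keeps only TCP connections to the RDP port (3389, as stated in the bulletin) or to VNC ports (5900-5909, the conventional display ports, an assumption not stated in the bulletin) that originate outside the local address plan, and reports which internal hosts are accepting remote-access connections from the Internet and how often. The flow-record format, the field names, the sample addresses and the set of "internal" networks are all constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Listener ports for the two remote-access services named in the bulletin.
# 3389 (RDP) is stated in the bulletin; 5900-5909 (VNC displays :0 to :9)
# is the usual convention and is an assumption of this example.
RDP_PORTS = {3389}
VNC_PORTS = set(range(5900, 5910))

# Address ranges treated as "inside" for this example (RFC 1918 plus loopback
# and link-local). A real deployment would use its own address plan here.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

# Constructed sample flow records in a simple key=value format (not real logs).
SAMPLE_FLOWS = [
    "proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=3389 action=accept",
    "proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=3389 action=accept",
    "proto=tcp src=10.0.0.9 dst=10.0.0.5 dport=3389 action=accept",    # internal, ignored
    "proto=tcp src=203.0.113.20 dst=10.0.0.6 dport=5901 action=accept",
    "proto=tcp src=203.0.113.20 dst=10.0.0.6 dport=443 action=accept",  # not RDP/VNC
    "proto=udp src=203.0.113.21 dst=10.0.0.6 dport=3389 action=deny",   # not TCP, ignored
]


@dataclass(frozen=True)
class Finding:
    service: str   # "RDP" or "VNC"
    src: str       # external client address
    dst: str       # internal host accepting the connection
    dport: int
    count: int     # number of matching flow records


def parse_flow(line: str) -> dict:
    """Split one 'key=value key=value ...' record into a dict; dport becomes an int."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["dport"] = int(fields["dport"])
    return fields


def is_internet_source(ip: str) -> bool:
    """True when the address is outside every network in INTERNAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def classify(dport: int) -> Optional[str]:
    """Map a destination port to the remote-access service it belongs to, if any."""
    if dport in RDP_PORTS:
        return "RDP"
    if dport in VNC_PORTS:
        return "VNC"
    return None


def find_remote_access_attempts(lines: Iterable[str]) -> List[Finding]:
    """Aggregate external TCP connection attempts to RDP/VNC ports per
    (service, src, dst, dport); most frequent first."""
    counts: Dict[Tuple[str, str, str, int], int] = {}
    for line in lines:
        f = parse_flow(line)
        if f.get("proto", "").lower() != "tcp":
            continue
        service = classify(f["dport"])
        if service is None or not is_internet_source(f["src"]):
            continue
        key = (service, f["src"], f["dst"], f["dport"])
        counts[key] = counts.get(key, 0) + 1
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [Finding(*key, n) for key, n in ordered]


if __name__ == "__main__":
    for finding in find_remote_access_attempts(SAMPLE_FLOWS):
        print(f"{finding.service}: {finding.src} -> {finding.dst}:{finding.dport} "
              f"({finding.count} connection(s))")
```

On the sample records this reports two findings: the RDP client at 198.51.100.7 reaching 10.0.0.5 twice, and the VNC client at 203.0.113.20 reaching display :1 on 10.0.0.6 once. The internal RDP connection, the HTTPS flow and the UDP record are ignored, which mirrors why the bulletin rates these signatures as Info: the value is in knowing which hosts are exposed, not in any single connection.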
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new
vectors of exploitation are discovered. The table below details the
security content enhanced with this release.
Critical ( 3 )
High ( 5 )
Medium ( 3 )
Low ( 2 )
Info ( 1 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes
to monitor exploit activity. Vulnerabilities can be classified as
active and given a magnitude level. The magnitude level is the rate
of activity across the probes. The value of the magnitude is set to
low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin
and their corresponding exploit activity magnitude. The data below is
as of this writing.
Critical ( 1 of 4 )
High ( 1 of 5 )
Medium ( 0 of 2 )
Low ( 1 of 2 )
Document History
| Revision Date | Version Number | |
|---|---|---|
| Wednesday, April 16, 2008 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection (including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam) designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.