Update Protection against LANDesk Alert Service Stack Overflow Vulnerability
| Check Point Reference: | CPAI-2007-070 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA24892 | |
| Industry Reference(s): | CVE-2007-1674 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? LANDesk Management Suite version 8.7 LANDesk Management Suite version 8.6.1 | ||
| Vulnerability Description A stack buffer overflow vulnerability has been discovered in LANDesk Management Suite. LANDesk Management Suite automates systems and security management tasks and proactively manages, updates and protects desktops, servers and mobile devices from a single console. A remote attacker can exploit this flaw to execute arbitrary code on an affected system. |
||
|
Update/Patch Available Update to the latest Service Pack and apply hotfix INST-11050687.2: http://kb.landesk.com/pf/12/webfiles/Patch/INST-11050687.2.zip |
|
|
Vulnerability Details The vulnerability is due to a boundary error in the LANDesk Management Alert Service when processing specially crafted packets received on port 65535/UDP. Remote attackers can exploit this issue via a specially crafted packet sent to a vulnerable system on port 65535/UDP. Successful exploitation may allow execution of arbitrary code on the affected system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block specially crafted packets sent via port 65535/UDP.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on June 13, 2007 includes the following protections:
Apple QuickTime Crafted Media File Vulnerability (CPAI-2007-069)
LANDesk Alert Service Stack Overflow Vulnerability (CPAI-2007-070)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > LANDesk Management Suite > Block LANDesk Alert Service Stack Overflow.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LANDesk Management Suite Enforcement
Attack Information: LANDesk alert service stack overflow
VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > LANDesk Management Suite.
2. Select the following protection:
Block LANDesk Alert Service Stack Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LANDesk Management Suite Enforcement
Attack Information: LANDesk alert service stack overflow
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > LANDesk Management Suite.
2. Select the following protection:
Block LANDesk Alert Service Stack Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99888 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > LANDesk Management Suite.
2. Select the following protection:
Block LANDesk Alert Service Stack Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99888 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2.In the SmartDefense tree, click Application Intelligence > LANDesk Management Suite.
3. Select the following protection:
Block LANDesk Alert Service Stack Overflow
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LANDesk Management Suite Enforcement
Attack Information: LANDesk alert service stack overflow
InterSpect 2.0
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > LANDesk Management Suite.
2. Select the following protection:
Block LANDesk Alert Service Stack Overflow
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LANDesk Management Suite Enforcement
Attack Information: LANDesk alert service stack overflow
Connectra NGX R62 & R61
How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following:
Block LANDesk Alert Service Stack Overflow
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:
Attack Name: LANDesk Management Suite Enforcement
Attack Information: LANDesk alert service stack overflow