Update Protection against NetWare Client Service Remote Code Execution Vulnerability (MS06-066)
| Check Point Reference: | CPAI-2006-138 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS06-066 | |
| Industry Reference(s): | CVE-2006-4688 CVE-2006-4689 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 | ||
| Vulnerability Description Multiple vulnerabilities have been reported in Microsoft Windows Client Services for NetWare (CSNW). NetWare is an operating system for local area networks which is manufactured by Novell. Microsoft's Client Service for NetWare provides connectivity infrastructure for Novel Netware systems. CSNW provides a Windows workstation with access to NetWare file, print, and directory services. A remote attacker may exploit these vulnerabilities to cause denial of service or to execute arbitrary code on an affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS06-066 |
|
|
Vulnerability Details CVE 4688: The vulnerability is due to buffer overflow errors in the Client Service for NetWare that fails to properly handle malformed RPC requests. CVE 4689: The flaw is due to an error in the driver for the Client Services for NetWare. A remote attacker may cause denial of service via a specially crafted RPC request. Successful exploitation could grant an attacker complete control of an affected system. |
Protection Overview
By enabling the protection, SmartDefense will block malformed RPC requests.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on November 30, 2006 includes the following protections:
Novell eDirectory 'evtFilteredMonitorEventsRequest' Vulnerability (CPAI-2006-137)
Microsoft NetWare Client Service Remote Code Execution Vulnerability (MS06-066) - CPAI-2006-138
Microsoft Workstation Service Buffer Overflow Vulnerability (MS06-070) - CPAI-2006-139
Microsoft XML Remote Code Execution Vulnerability (MS06-071) - CPAI-2006-140
Visual Studio WMI Code Execution Vulnerability (CPAI-2006-141)
Microsoft Agent Remote Code Execution Vulnerability (MS06-068) - CPAI-32006-142
Block MSN Messenger Live 8 (CPAI-2006-143)
AOL Nullsoft Winamp Ultravox Heap Overflow Vulnerability (CPAI-2006-144)
VPN-1 NGX R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > MS-RPC > MS-RPC over CIFS > Block Netware Client Vulnerability (MS06-066).
2. In the Block Netware Client Vulnerability (MS06-066) configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: NetWare client vulnerability detected (MS06-066)
VPN-1 NGX R61, R60, VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block Netware Client Vulnerability (MS06-066).
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: NetWare client vulnerability detected (MS06-066)
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block Netware Client Vulnerability (MS06-066).
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99455 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block Netware Client Vulnerability (MS06-066).
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99455 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block Netware Client Vulnerability (MS06-066).
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: NetWare client vulnerability detected (MS06-066)
InterSpect 2.0
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > RPC > MS-RPC over CIFS and enable Block Netware Client Vulnerability (MS06-066).
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: NetWare client vulnerability detected (MS06-066)