
Update Protection against Sun Microsystems Java System Web Proxy sockd Daemon Buffer Overflow Vulnerability


Check Point Reference: CPAI-2007-091
Date Published:
Severity:
Source: FrSIRT/ADV-2007-1957
Industry Reference(s): CVE-2007-2881
Protection Provided by:
VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Sun Microsystems Java System Web Proxy Server prior to 4.0.5
Vulnerability Description
A buffer overflow vulnerability has been reported in the Java System Web Proxy sockd daemon. Java System Web Proxy Server collects and distributes data from the network. It provides protocol support for SOCKS - an Internet protocol that allows client-server applications to transparently use the services of a network firewall. An attacker may exploit this vulnerability to execute arbitrary code.
Update/Patch Available
Upgrade to Sun Java System Web Proxy Server version 4.0.5:
Sun Java System Web Proxy Server
Vulnerability Details
The vulnerability is due to a boundary error in the Java System Web Proxy sockd daemon when processing user-supplied data. A remote attacker can exploit this flaw via a specially crafted connection request. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected system.

Protection Overview
By enabling this protection, SmartDefense will detect and block malformed SOCKS requests.

For the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, open the Protection tab, and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The Update released on August 21, 2007 includes the following protections:

Sun Microsystems Java System Web Proxy sockd Daemon Buffer Overflow Vulnerability (CPAI-2007-091)
WinZip FileView ActiveX Controls Buffer Overflow Vulnerability (CPAI-2007-092)
Provideo ISSCamControl Module ActiveX Control Buffer Overflow Vulnerability (CPAI-2007-093)
Trend Micro ServerProtect EarthAgent DCE-RPC Buffer Overflow Vulnerability (CPAI-2007-097)
Trend Micro ServerProtect CreateBinding DCE-RPC Buffer Overflow Vulnerability (CPAI-2007-098)

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > SOCKS.
2. In the configuration pane, under Settings > Mode, check Active.
3. In the configuration pane, select the following protection:

Block Java Web Proxy Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SOCKS Enforcement Violation
Attack Information: Java Web Proxy sockd vulnerability detected

VPN-1 NGX R61, R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > SOCKS.
2. In the configuration pane, select the following protection:

Block Java Web Proxy Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SOCKS Enforcement Violation
Attack Information: Java Web Proxy sockd vulnerability detected

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Tunneling Detection > SOCKS.
3. In the configuration pane, select the following protection:

Block Java Web Proxy Vulnerability

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SOCKS Enforcement Violation
Attack Information: Java Web Proxy sockd vulnerability detected

InterSpect 2.0

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > SOCKS.
2. Select the following protection:

Block Java Web Proxy Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SOCKS Enforcement Violation
Attack Information: Java Web Proxy sockd vulnerability detected