Update Protection against FLAC Project libFLAC Picture Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2007-136 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA27210 | |
| Industry Reference(s): | CVE-2007-4619 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? FLAC Project libFLAC Prior to 1.2.1 | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in the Free Lossless Audio Codec (FLAC). FLAC is a file format designed for audio data compression. LibFLAC is the FLAC project library embedded in various products. A remote attacker can exploit this vulnerability via a specially crafted FLAC file. Successful exploitation of the vulnerability allows execution of arbitrary code on a vulnerable system. |
||
|
Update/Patch Available Update to FLAC version 1.2.1: http://flac.sourceforge.net/download.html |
|
|
Vulnerability Details The vulnerability is due to boundary errors in libFLAC that fails to properly process crafted FLAC audio files. A remote attacker could trigger this flaw via a specially crafted FLAC audio file. Successful exploitation allows execution of arbitrary code once a malformed FLAC file is being loaded on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed FLAC files over HTTP.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update released on December 18, 2007 includes the following protections:
FLAC Project libFLAC Picture Buffer Vulnerability (CPAI-2007-136)
Apple QuickTime Crafted RTSP Response Buffer Overflow Vulnerability (CPAI-2007-137)
Recent Malware Threats (18-Dec-07) CPAI-2007-138
Microsoft Windows Message Queuing Code Execution Vulnerability (MS07-065) CPAI-2007-139
Microsoft AVI File Parsing Code Execution Vulnerability (MS07-064) CPAI-2007-140
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following:
Malformed FLAC Files
3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information:
Malformed FLAC file: picture MIME-Type vulnerability detected
Malformed FLAC file: picture description vulnerability detected
Malformed FLAC file: VORBIS Comment vulnerability detected
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed FLAC Files
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information:
Malformed FLAC file: picture MIME-Type vulnerability detected
Malformed FLAC file: picture description vulnerability detected
Malformed FLAC file: VORBIS Comment vulnerability detected
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Content Protection.
3. Select the following protection:
Malformed FLAC Files
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information:
Malformed FLAC file: picture MIME-Type vulnerability detected
Malformed FLAC file: picture description vulnerability detected
Malformed FLAC file: VORBIS Comment vulnerability detected