
Update Protection against Microsoft Exchange Server iCal Denial of Service Vulnerability (MS07-026)


Check Point Reference: CPAI-2007-081
Date Published:
Severity:
Source: Microsoft Security Bulletin MS07-026
Industry Reference(s): CVE-2007-0039
Protection Provided by:
VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Connectra
  • NGX R62
  • NGX R61
Who is Vulnerable?
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2007
Vulnerability Description
A denial of service vulnerability has been reported in Microsoft Exchange Server. Microsoft Exchange Server is an email server that handles numerous Internet protocols, including the Simple Mail Transfer Protocol (SMTP). A remote attacker can exploit this issue to crash the vulnerable service.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS07-026
Vulnerability Details
The vulnerability is due to an error in the Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server that fails to properly handle malformed calendar content requests (iCal). An attacker can exploit this vulnerability via a specially crafted iCal file. Successful exploitation can cause the mail service to stop responding (denial of service).

Protection Overview
By enabling this protection, SmartDefense will detect and block malformed iCal requests.

In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update released on September 18, 2007 includes the following protections:

Squid Proxy TRACE Request Denial of Service Vulnerability (CPAI-2007-084)
Microsoft Exchange Server iCal Denial of Service Vulnerability (MS07-026) – CPAI-2007-081
Microsoft Exchange SMTP MIME Vulnerability (MS07-026) – CPAI-2007-094
Yahoo! Widgets YDP ActiveX Control Buffer Overflow Vulnerability (CPAI-2007-105)
Multiple Trend Micro ServerProtect Buffer Overflow Vulnerabilities (CPAI-2007-106)

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Mail > SMTP > Block Malformed iCal Request (MS07-026).
2. In the configuration pane, under Settings > Mode, check Active.



3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SMTP Protection Violation
Attack Information: Malformed iCal request (MS07-026)

VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Mail SMTP.
2. Select the following protection:

Block Malformed iCal Request (MS07-026)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SMTP Protection Violation
Attack Information: Malformed iCal request (MS07-026)

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Mail SMTP.
2. Select the following protection:

Block Malformed iCal Request (MS07-026)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99251 will appear on the SmartView Tracker.

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Mail SMTP.
2. Select the following protection:

Block Malformed iCal Request (MS07-026)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99251 will appear on the SmartView Tracker.

InterSpect NGX

How Can I Protect My Network?
1. In the left-hand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > Mail > SMTP.
3. Select the following protection:

Block Malformed iCal Request (MS07-026)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SMTP Protection Violation
Attack Information: Malformed iCal request (MS07-026)

InterSpect 2.0

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Mail > SMTP.
2. Select the following protection:

Block Malformed iCal Request (MS07-026)

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SMTP Protection Violation
Attack Information: Malformed iCal request (MS07-026)

Connectra NGX R62 & R61

How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following:

Block Malformed iCal Request (MS07-026)

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:

Attack Name: SMTP Protection Violation
Attack Information: Malformed iCal request (MS07-026)
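
Added example (not Check Point code): the log indicators listed above differ by product. Most versions log the Attack Name / Attack Information pair, while VPN-1 NG AI R55 and VSX NGX report Rule #99251. The sketch below matches both forms in exported log text and counts hits per source. The "key: value; ..." record layout and the origin, src and rule field names are assumptions made for illustration, not the SmartView Tracker export format.

```python
from collections import Counter

# Indicators taken from the advisory text above.
ATTACK_NAME = "SMTP Protection Violation"
ATTACK_INFO = "Malformed iCal request (MS07-026)"
LEGACY_RULE = "99251"  # R55 and VSX NGX report this rule number instead

# Constructed sample records. The record layout and the origin/src/rule
# field names are assumptions, not a real export format.
SAMPLE_LOG = """\
origin: gw-a; src: 192.0.2.10; Attack Name: SMTP Protection Violation; Attack Information: Malformed iCal request (MS07-026)
origin: gw-a; src: 192.0.2.10; Attack Name: SMTP Protection Violation; Attack Information: Some other SMTP check
origin: gw-r55; src: 198.51.100.7; rule: 99251
origin: gw-r55; src: 198.51.100.7; rule: 12
origin: gw-b; src: 192.0.2.10; attack name: smtp protection violation; attack information: malformed ical request (ms07-026)
"""

def parse_record(line):
    """Split 'key: value; key: value' into a dict with lower-cased keys."""
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def is_ical_hit(rec):
    """True when a record carries either indicator from the advisory."""
    named = (rec.get("attack name", "").lower() == ATTACK_NAME.lower()
             and rec.get("attack information", "").lower() == ATTACK_INFO.lower())
    legacy = rec.get("rule", "").lstrip("#") == LEGACY_RULE
    return named or legacy

def summarize(log_text):
    """Count matching records per (assumed) source address."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if is_ical_hit(rec):
            hits[rec.get("src", "unknown")] += 1
    return dict(hits)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Requiring both the attack name and the attack information avoids counting other SMTP Protection Violation entries that are unrelated to MS07-026.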