Update Protection against Motorola Timbuktu Crafted Login Request Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-066 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA26588 | |
| Industry Reference(s): | CVE-2007-4221 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Motorola Timbuktu Pro 8.6.3 and prior | ||
| Vulnerability Description A buffer overflow vulnerability exists in Motorola Timbuktu. Motorola Timbuktu is a remote monitoring and control product available for various operating systems. A remote attacker may exploit this issue to execute arbitrary code on a target system. |
||
|
Update/Patch Available Update to version 8.6.5. |
|
|
Vulnerability Details The vulnerability is due to a boundary error in Motorola Timbuktu that fails to properly handle crafted user login requests. In order to exploit this issue, an attacker can send a specially crafted login request to a vulnerable system. Successful exploitation may allow the attacker to inject and execute arbitrary code on the target system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed requests sent to the vulnerable service.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.