May 2006 SmartDefense Services Bulletin

SmartDefense Services Bulletin

May 2006

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

In This Bulletin

About SmartDefense Services
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

Preemptive, ongoing, and real-time updates to defenses and security policies
Ongoing new protocol and application defenses against emerging threats and attacks
Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
Anti-virus updates and alerts for Check Point VPN-1 Express CI
Anti-spyware updates for Check Point Integrity Anti-Spyware
Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Integrity)

Advisories (Sorted by Severity, then Date)


CPAI-2006-326
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows Media Player PNG Chunk Handling Stack Overflow Vulnerability
	Sources:	Secunia Advisory: SA20626
	Vulnerable Systems:	Microsoft Windows Media Player 7.1 Microsoft Windows Media Player 8 Microsoft Windows Media Player 9 Microsoft Windows Media Player 10

CPAI-2006-040
	Date:
	Severity:
	Description:	Update Protection against Multiple Products FTP Server Vulnerabilities
	Sources:	securiteam SECURInfos MilwOrm securiteam
	Vulnerable Systems:	FreeFTPd version 1.0.8 and prior XM Easy Personal FTP Server version 4.2 ArGoSoft FTP Server 1.4.x Meteor FTP Server version 1.5

CPAI-2006-036
	Date:
	Severity:
	Description:	Update Protection against Microsoft Outlook Express Windows Address Book File Vulnerability (MS06-016)
	Sources:	Microsoft Security Bulletin MS06-016
	Vulnerable Systems:	Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP SP1, SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003

CPAI-2006-039
	Date:
	Severity:
	Description:	Update Protection against Multiple Vendors' LDAP Server Remote Denial of Service Vulnerabilities
	Sources:	FrSIRT/ADV-2006-0537 SecurityTracker: 1015604 Gleg Advisory Secunia Advisory: SA18818 Secunia Advisory: SA18738
	Vulnerable Systems:	IBM Tivoli Directory Server 4.x, 5.x, 6.x IBM Lotus Domino 7.x Sun Java System Directory Server 5.x Sun ONE Directory Server 5.x CommuniGate Pro 5.x Isode M-Vault Server 11.x

CPAI-2006-037
	Date:
	Severity:
	Description:	Update Protection against Oracle Reports Arbitrary File Reading Vulnerability
	Sources:	US-CERT VU#925261
	Vulnerable Systems:	Oracle Reports Server

CPAi-2006-035
	Date:
	Severity:
	Description:	Update Protection against a Vulnerability in Microsoft FrontPage Server Extensions Vulnerability (MS06-017)
	Sources:	Microsoft Security Bulletin MS06-017
	Vulnerable Systems:	Microsoft FrontPage Server Extensions Microsoft SharePoint Team Services

CPAI-2006-034
	Date:
	Severity:
	Description:	Preemptive Protection against BlueCoat WinProxy Host Header Stack Overflow Vulnerability
	Sources:	iDEFENSE ID: 01.05.06
	Vulnerable Systems:	WinProxy 4 WinProxy 5.x WinProxy 6.x

CPAI-2006-038
	Date:
	Severity:
	Description:	Update Protection against IPSwitch WhatsUp Professional DoS Vulnerability
	Sources:	FrSIRT/ADV-2006-0704
	Vulnerable Systems:	WhatsUp Professional 2006

Defense Updates


CPAI-2006-040
	Date:
	Update Number:	591060425 (VPN-1 NGX R60) 602060425 (VPN-1 NGX R61)
	Description:	Multiple Products FTP Servers Vulnerabilities


CPAI-2006-039
	Date:
	Update Number:	541060430 (VPN-1 NG R54/R55) 550060425 (VPN-1 NG R55W) 591060425 (VPN-1 NGX R60) 602060425 (VPN-1 NGX R61) 547060425 (InterSpect 1.x and 2.0)
	Description:	Multiple Products LDAP Vulnerabilities


CPAI-2006-038
	Date:
	Update Number:	541060430 (VPN-1 NG R54/R55) 550060425 (VPN-1 NG R55W) 591060425 (VPN-1 NGX R60) 602060425 (VPN-1 NGX R61) 547060425 (InterSpect 1.x and 2.0) 592060425 (InterSpect NGX)
	Description:	IPSwitch WhatUp Professional DoS


CPAI-2006-037
	Date:
	Update Number:	541060430 (VPN-1 NG R54/R55) 550060425 (VPN-1 NG R55W) 591060425 (VPN-1 NGX R60) 602060425 (VPN-1 NGX R61) 547060425 (InterSpect 1.x and 2.0) 592060425 (InterSpect NGX)
	Description:	Oracle Reports/Forms Vulnerability


CPAI-2006-036
	Date:
	Update Number:	592060425 (InterSpect NGX)
	Description:	Multiple Products FTP Servers Vulnerabilities


CPAI-2006-035
	Date:
	Update Number:	592060425 (InterSpect NGX)
	Description:	Multiple Products LDAP Vulnerabilities


CPSA-2006-03
	Date:
	Update Number:	541060430 (VPN-1 NG R54/R55) 550060425 (VPN-1 NG R55W) 591060425 (VPN-1 NGX R60) 602060425 (VPN-1 NGX R61) 547060425 (InterSpect 1.x and 2.0) 592060425 (InterSpect NGX)
	Description:	MS-RPC Protections Enforced on TCP Ports

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).