SDS Banner

SmartDefense Services Bulletin
August 2006

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.
 
In This Bulletin

About SmartDefense Services
What's New
Advisories
Defense Updates
About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

  • Preemptive, ongoing, and real-time updates to defenses and security policies
  • Ongoing new protocol and application defenses against emerging threats and attacks
  • Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
  • Anti-virus updates and alerts for Check Point VPN-1 UTM
  • Anti-spyware updates for Check Point Integrity Anti-Spyware 
  • Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Integrity)
What's New

Coming Soon in NGX R62 ...
SmartDefense Profiles

Stay tuned, new functionality that many of you have asked for is almost here.  Define multiple SmartDefense profiles and associate these profiles with your Check Point gateways.  The result:  different gateways can have different SmartDefense attributes, while still being centrally managed through the SmartConsole.
Advisories (Sorted by Severity, then Date)
CPAI-2006-082
  Date:
  Severity:
  Description: Update Protection against Microsoft Excel Vulnerabilities (MS06-037)
  Sources: Microsoft Security Bulletin MS06-037
  Vulnerable Systems: Microsoft Office 2003 SP1 or SP2
Microsoft Excel 2003 
Microsoft Excel Viewer 2003 
Microsoft Office XP SP3
Microsoft Excel 2002 
Microsoft Office 2000 SP3
Microsoft Excel 2000
Microsoft Office 2004 for Mac
Microsoft Excel 2004 for Mac
Microsoft Office v. X for Mac
Microsoft Excel v. X for Mac
     
CPAI-2006-079
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows Media Player PNG Vulnerability (MS06-024)
  Sources: Microsoft Security Bulletin MS06-024
  Vulnerable Systems: Windows Media Player for XP on Microsoft Windows XP SP1
Windows Media Player 9 on Microsoft Windows XP SP2
Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition 
Windows Media Player 9 on Microsoft Windows Server 2003
Windows Media Player 10 on Microsoft Windows Server 2003 SP1
Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition
     
CPAI-2006-080
  Date:
  Severity:
  Description: Update Protection against ART Image Rendering Vulnerability (MS06-022)
  Sources: Microsoft Security Bulletin MS06-022
  Vulnerable Systems: Microsoft Windows XP SP1,SP2 
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
     
CPAI-2006-074
  Date:
  Severity:
  Description: Update Protection against Microsoft JScript Remote Code Execution Vulnerability (MS06-023)
  Sources: Microsoft Security Bulletin MS06-023
  Vulnerable Systems: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1, SP2 
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
     
CPAI-2006-073
  Date:
  Severity:
  Description: Update Protection against COM Object Instantiation Memory Corruption Vulnerability (MS06-021)
  Sources: Microsoft Security Bulletin MS06-021
  Vulnerable Systems: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6

     
CPAI-2006-072
  Date:
  Severity:
  Description: Update Protection against COM Object Instantiation Vulnerability (MS06-013)
  Sources:

Microsoft Security Bulletin MS06-013
  Vulnerable Systems: Internet Explorer 5.01 SP4, 6 SP1; and prior service packs
     
CPAI-2006-071
  Date:
  Severity:
  Description: Update Protection against VNC Authentication Bypass Vulnerability
  Sources: IntelliAdmin
  Vulnerable Systems: RealVNC Free Edition version 4.1.1 and prior
RealVNC Personal Edition version 4.2.2 and prior
RealVNC Enterprise Edition version 4.2.2 and prior
     
CPAI-2006-069
  Date:
  Severity:
  Description: Update Protection against Malformed SSH Key Exchange Init Message Vulnerability
  Sources: FrSIRT/ADV-2006-1820
Secunia Advisory: SA19845
  Vulnerable Systems: FortressSSH version 4.0.7.20 and earlier versions
WeOnlyDo! Software wodSSHServer 1.2.7
WeOnlyDo! Software wodSSHServer 1.3.3 DEMO and possibly other versions
     
CPAI-2006-093
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.94.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2006-092
  Date:
  Severity:
  Description: Preemptive Protection against CesarFTP and XM Easy Personal FTP Server Buffer Overflow Vulnerabilities
  Sources: SecurTeam
SecurityFocus
  Vulnerable Systems:  XM Easy Personal FTP Server Version 4.3
CesarFTP version 0.99g
     
CPAI-2006-091
  Date:
  Severity:
  Description: Preemptive Protection agains Apple Open Directory Denial of Service Vulnerability
  Sources: MU Security
  Vulnerable Systems: OSX 10.4.4 through 10.4.6
     
CPAI-2006-090
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.93.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2006-089
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.92.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2006-088
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.90.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2006-087
  Date:
  Severity:
  Description: Update Protection against ASP.NET Information Disclosure Vulnerability (MS06-033)
  Sources: Microsoft Security Bulletin MS06-033
  Vulnerable Systems: NET Framework 2.0 for the following operating system versions:

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1
Windows XP Service Pack
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Tablet PC
Microsoft Windows XP Media Center Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based systems
Microsoft Windows Server with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

     
CPAI-2006-086
  Date:
  Severity:
  Description: Update Protection against Plume CMS manager_path Code Execution Vulnerability
  Sources: SecurityTracker Alert ID: 1016165
  Vulnerable Systems: Plume CMS version 1.0.3
     
CPAI-2006-085
  Date:
  Severity:
  Description: Update Protection against Cisco CallManager Cross Site Scripting Vulnerabilities
  Sources: SecuriTeam
Cisco Security Response
  Vulnerable Systems: Cisco CallManager version 3.1 and above
     
CPAI-2006-084
  Date:
  Severity:
  Description: Update Protection against Geeklog Remote Code Execution Vulnerability
  Sources: SecurityFocus
  Vulnerable Systems: Geeklog 1.4.0sr3
     
CPAI-2006-083
  Date:
  Severity:
  Description: Update Protection against The WebAttacker Spyware
  Sources:  Sophos
  Vulnerable Systems:  Microsoft Windows clients
     
CPAI-2006-081
  Date:
  Severity:
  Description: Update Protection against MySQL Server str_to_date DoS Vulnerability
  Sources: MYSQL BUGS
  Vulnerable Systems: MySQL versions prior to 4.1.18, 5.0.19, and 5.1.6
     
CPAI-2006-078
  Date:
  Severity:
  Description: Update Protection against AWStats Remote Command Execution Vulnerability
  Sources: iDEFENSE
  Vulnerable Systems: AWStats 6.1, and other versions before 6.3
     
CPAI-2006-077
  Date:
  Severity:
  Description: Update Protection against VWar Remote File Inclusion Vulnerability
  Sources: FrSIRT/ADV-2006-1228
  Vulnerable Systems: Virtual War version 1.5.0-R12 and prior
     
CPAI-2006-076
  Date:
  Severity:
  Description: Update Protection against Horde Help Viewer Vulnerability
  Sources: FrSIRT/ADV-2006-1154
  Vulnerable Systems: Horde versions prior to 3.1.1
Horde versions prior to 3.0.10
     
CPAI-2006-075
  Date:
  Severity:
  Description: Update Protection against Symantec Sygate Management Server SQL Injection Vulnerability
  Sources: Symantec: SYM06-002
  Vulnerable Systems: Symantec's Sygate Management Server (SMS) version 4.1, build 1417 and earlier
     
CPAI-2006-070
  Date:
  Severity:
  Description: Update Protection against Multiple IMAP Servers Directory Traversal Vulnerability
  Sources: Dovecot-News
SecurityTracker Alert ID: 1014095
  Vulnerable Systems: Dovecot version 1.0 beta
Dovecot version 1.0 stable
SPA-PRO Mail @Solomon 4.00
     
Defense Updates
CPAI-2006-093
  Date:
  Update Number: 692060724 (Connectra NGX R61)
691060724 (Connectra NGX)
690060724 (Connectra 2.0)
  Description: Integrity Clientless Security (ICS) Update 3.7.94.0
     
CPAI-2006-090
  Date:
  Update Number: 692060717 (Connectra NGX R61)
691060717 (Connectra NGX)
690060717 (Connectra 2.0)
  Description: Integrity Clientless Security (ICS) Update 3.7.93.0
     
CPAI-2006-089
  Date:
  Update Number: 692060711 (Connectra NGX R61)
691060711 (Connectra NGX)
690060711 (Connectra 2.0)
  Description: Integrity Clientless Security (ICS) Update 3.7.92.0
     
CPAI-2006-088
  Date:
  Update Number: 692060704 (Connectra NGX R61)
691060704 (Connectra NGX)
690060704 (Connectra 2.0)
  Description: Integrity Clientless Security (ICS) Update 3.7.90.0
     
CPAI-2006-087
  Date:
  Update Number: 541060716 (VPN-1 NG R54/R55)
550060716 (VPN-1 NG R55W)
591060716 (VPN-1 NGX R60)
602060716 (VPN-1 NGX R61)
591060716 (VPN-1 VSX NGX)
547060716 (InterSpect 1.x and 2.0)
592060716 (InterSpect NGX)
  Description: ASP.NET Protection (MS06-033)
     
CPAI-2006-086
  Date:
  Update Number: 541060716 (VPN-1 NG R54/R55)
550060716 (VPN-1 NG R55W)
591060716 (VPN-1 NGX R60)
602060716 (VPN-1 NGX R61)
591060716 (VPN-1 VSX NGX)
547060716 (InterSpect 1.x and 2.0)
592060716 (InterSpect NGX)
  Description: Plume CMS Manager Protection
     
CPAI-2006-085
  Date:
  Update Number: 541060716 (VPN-1 NG R54/R55)
550060716 (VPN-1 NG R55W)
591060716 (VPN-1 NGX R60)
602060716 (VPN-1 NGX R61)
591060716 (VPN-1 VSX NGX)
547060716 (InterSpect 1.x and 2.0)
592060716 (InterSpect NGX)
  Description: Cisco CallManager XSS Protection
     
CPAI-2006-084
  Date:
  Update Number: 541060716 (VPN-1 NG R54/R55)
550060716 (VPN-1 NG R55W)
591060716 (VPN-1 NGX R60)
602060716 (VPN-1 NGX R61)
591060716 (VPN-1 VSX NGX)
547060716 (InterSpect 1.x and 2.0)
592060716 (InterSpect NGX)
  Description: Geeklog Remote Code Execution Protection
     
CPAI-2006-083
  Date:
  Update Number: 541060716 (VPN-1 NG R54/R55)
550060716 (VPN-1 NG R55W)
591060716 (VPN-1 NGX R60)
602060716 (VPN-1 NGX R61)
591060716 (VPN-1 VSX NGX)
547060716 (InterSpect 1.x and 2.0)
592060716 (InterSpect NGX)
  Description: WebAttacker Spyware Protection
     
CPAI-2006-081
  Date:
  Update Number: 591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
592060705 (InterSpect NGX)
  Description: MySQL Server str_to_date DoS Protection
     
CPAI-2006-080
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: ART Image Rendering Protection (MS06-022)
     
CPAI-2006-079
  Date:
  Update Number: 591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
592060705 (InterSpect NGX)
  Description: Windows Media Player PNG Protection (MS06-024)
     
CPAI-2006-078
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: AWStats Remote Command Execution Protection
     
CPAI-2006-077
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: Virtual War (VWar) File Inclusion Protection
     
CPAI-2006-076
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: Horde Help Viewer Protection
     
CPAI-2006-075
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: Symantec Sygate SQL Injection Protection
     
CPAI-2006-074
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: Microsoft JScript Remote Code Execution Protection (MS06-023)
     
CPAI-2006-073
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: COM Object Instantiation Memory Corruption Vulnerability (MS06-021)
     
CPAI-2006-072
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: COM Object Instantiation Protection (MS06-013)
     
CPAI-2006-071
  Date:
  Update Number: 550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
  Description: VNC Authentication Bypass Protection
     
CPAI-2006-070
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
692060704 (Connectra NGX R61)
  Description: Multiple IMAP Servers Directory Traversal
     
CPAI-2006-069
  Date:
  Update Number: 541060705 (VPN-1 NG R54/R55)
550060705 (VPN-1 NG R55W)
591060705 (VPN-1 NGX R60)
602060705 (VPN-1 NGX R61)
591060705 (VPN-1 VSX NGX)
547060705 (InterSpect 1.x and 2.0)
592060705 (InterSpect NGX)
692060704 (Connectra NGX R61)
  Description: Malformed SSH Init Message Protection
     
SDS Footer

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).

Copyright 2003-2008 Check Point Software Technologies LTD (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065