SDS Banner

SmartDefense Services Bulletin
October 2007

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

 
In This Bulletin

About SmartDefense Services
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

  • Preemptive, ongoing, and real-time updates to defenses and security policies
  • Ongoing new protocol and application defenses against emerging threats and attacks
  • Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
  • Anti-virus updates and alerts for Check Point VPN-1 UTM
  • Anti-spyware updates for Check Point Integrity Anti-Spyware 
  • Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Integrity)
Advisories (Sorted by Severity, then Date)
CPAI-2007-106
  Date:
  Severity:
  Description: Update Protection against Multiple Trend Micro ServerProtect Buffer Overflow Vulnerabilities
  Sources: Secunia Advisory: SA26523
  Vulnerable Systems: Trend Micro ServerProtect for Windows 5.58 Build 1176
Trend Micro ServerProtect for Windows 5.58 Patch3 and prior
     
CPAI-2007-110
  Date:
  Severity:
  Description: Preemptive Protection against Microsoft Agent Remote Code Execution Vulnerability (MS07-051)
  Sources: Microsoft Security Bulletin MS07-051
  Vulnerable Systems: Microsoft Agent 2.0.0.3425 and prior on Microsoft Windows 2000 SP4
     
CPAI-2007-108
  Date:
  Severity:
  Description: Preemptive Protection against ClamAV Mail Filter Extension Code Execution Vulnerability
  Sources: Secunia Advisory: SA26530
  Vulnerable Systems: ClamAV Project Clam AntiVirus prior to 0.91.2
     
CPAI-2007-107
  Date:
  Severity:
  Description: Preemptive Protection against Novell Client Print Provider RPC Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA26238
  Vulnerable Systems: Novell Client for Windows 4.91 SP4
     
CPAI-2007-082
  Date:
  Severity:
  Description: Update Protection against IBM Lotus Domino LDAP Heap Overflow Vulnerability
  Sources: Secunia Advisory: SA24633
  Vulnerable Systems: IBM Lotus Domino 6.x prior to 6.5.6
IBM Lotus Domino 7.x prior to 7.0.2 FP1
     
CPAI-2007-203
  Date:
  Severity:
  Description: IPS-1 Protection for VMWare DHCP Vulnerability (DHCP Version 7)
  Sources: Secunia Advisory 26890
  Vulnerable Systems:
  • EMC VMWare ACE 1 prior to 1.0.4
  • EMC VMWare ACE 2 prior to 2.0.1
  • EMC VMWare Player 1 prior to 1.0.5
  • EMC VMWare Player 2 prior to 2.0.1
  • EMC VMWare Server 1 Prior to 1.0.4
  • EMC VMWare Workstation 6 prior to 6.0.1
  • EMC VMWare Workstation 5 prior to 5.5.5
     
CPAI-2007-105
  Date:
  Severity:
  Description: Update Protection against Yahoo! Widgets YDP ActiveX Control Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA26011
  Vulnerable Systems: Yahoo! Widgets 4.0.3 (build 178)
     
CPAI-2007-084
  Date:
  Severity:
  Description: Update Protection against Squid Proxy TRACE Request Denial of Service Vulnerability
  Sources: Secunia Advisory: SA24611
  Vulnerable Systems: Squid Web Proxy Cache prior to 2.6.STABLE12
     
CPAI-2007-081
  Date:
  Severity:
  Description: Update Protection against Microsoft Exchange Server iCal Denial of Service Vulnerability (MS07-026)
  Sources: Microsoft Security Bulletin MS07-026
  Vulnerable Systems: Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2007
     
CPAI-2007-094
  Date:
  Severity:
  Description: Update Protection Against Microsoft Exchange SMTP MIME Vulnerability (MS07-026)
  Sources: Microsoft Security Bulletin MS07-026
  Vulnerable Systems: Microsoft Exchange 2000 Server SP3 with the Exchange 2000 Post-SP3
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2007
     
CPAI-2007-109
  Date:
  Severity:
  Description: Preemptive Protection against Microsoft SharePoint Cross-Site Scripting (XSS) Vulnerability
  Sources: Microsoft Security Bulletin MS07-059
  Vulnerable Systems: Microsoft Office SharePoint Server 2007
Microsoft Windows SharePoint Services 3.0
     
Defense Updates
CPAI-2007-106
  Date:
  Update Number: 541070918 (VPN-1 NG R55 Only)
591070918 (VPN-1 NGX R60)
602070918 (VPN-1 NGX R61/R62/R65)
591070918 (VPN-1 VSX NGX)
547070918 (InterSpect 1.x and 2.0)
592070918 (InterSpect NGX)
  Description: Multiple Trend Micro ServerProtect Protections
     
CPAI-2007-105
  Date:
  Update Number: 541070918 (VPN-1 NG R55 Only)
591070918 (VPN-1 NGX R60)
602070918 (VPN-1 NGX R61/R62/R65)
591070918 (VPN-1 VSX NGX)
547070918 (InterSpect 1.x and 2.0)
592070918 (InterSpect NGX)
  Description: Yahoo! Widgets YDP ActiveX Control Protection
     
CPAI-2007-094
  Date:
  Update Number: 591070918 (VPN-1 NGX R60)
602070918 (VPN-1 NGX R61/R62/R65)

  Description: Microsoft Exchange SMTP MIME Protection (MS07-026)
     
CPAI-2007-084
  Date:
  Update Number: 541070918 (VPN-1 NG R55 Only)
591070918 (VPN-1 NGX R60)
602070918 (VPN-1 NGX R61/R62/R65)
591070918 (VPN-1 VSX NGX)
547070918 (InterSpect 1.x and 2.0)
592070918 (InterSpect NGX)
  Description: Squid Proxy TRACE Request Denial of Service Protection
     
CPAI-2007-081
  Date:
  Update Number: 541070918 (VPN-1 NG R55 Only)
591070918 (VPN-1 NGX R60)
602070918 (VPN-1 NGX R61/R62/R65)
591070918 (VPN-1 VSX NGX)
547070918 (InterSpect 1.x and 2.0)
592070918 (InterSpect NGX)
  Description: Microsoft Exchange Server iCal Denial of Service Protection (MS07-026)
     
SDS Footer

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).

Copyright 2003-2008 Check Point Software Technologies LTD (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065