SDS Banner

SmartDefense Services Bulletin
May 2008

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

 
In This Bulletin

About SmartDefense Services
What's New
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

  • Preemptive, ongoing, and real-time updates to defenses and security policies
  • Ongoing new protocol and application defenses against emerging threats and attacks
  • Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
  • Messaging Security updates (providing comprehensive protection for email infrastructures) for UTM-1 Total Security appliances and VPN-1 UTM Total Security software licenses
  • Anti-virus updates and alerts for Check Point VPN-1 UTM
  • Anti-spyware updates for Check Point Endpoint Security 
  • Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Check Point Endpoint Security)
What's New

Messaging Security -- Protect your Email Infrastructure

Messaging Security from Check Point provides comprehensive protection for an organization's messaging infrastructure. The multi-dimensional approach protects the email infrastructure, provides highly accurate spam protection, defends organizations from a wide variety of virus and malware threats within email. Messaging Security is available as part of Check Point UTM-1 Total Security offerings, including UTM-1 Total Security appliances and VPN-1 UTM Total Security software licenses. Click here for more information (http://www.checkpoint.com/defense/advisories/public/messaging/index.html).

Advisories (Sorted by Severity, then Date)
CPAI-2008-064
  Date:
  Severity:
  Description: Update Protection against HP OpenView Network Node Manager Message Handling Buffer Overflow Vulnerability
  Sources: http://aluigi.altervista.org/adv/closedview_old-adv.txt
  Vulnerable Systems: HP OpenView Network Node Manager 7.50 and prior
     
CPAI-2008-210
  Date:
  Severity:
  Description: Update Protection against Asterisk Buffer Overflow Vulnerabilities
  Sources: Asterisk.org/node/48466
FRSIRT:ADV-2008-0928
SECTRACK:1019628
  Vulnerable Systems: Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3
Astersik Open Source 1.6.x before 1.6.0-beta6
Asterisk Business Edition C.x.x before C.1.6.1
AsteriskNOW 1.0.x before 1.0.2
Asterisk Appliance Developer Kit before 1.4 revision 109386
s800i 1.1.x before 1.1.0.2
     
CPAI-2008-054
  Date:
  Severity:
  Description: Update Protection against Microsoft GDI Stack Overflow Vulnerability (MS08-021)
  Sources: Microsoft Security Bulletin MS08-021
  Vulnerable Systems: Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows 2003 Server x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista and Windows Vista SP1
Windows Vista for x64-based Systems
Windows Vista SP1 for x64-based Systems
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 (Itanium)
     
CPAI-2008-053
  Date:
  Severity:
  Description: Update Protection against Microsoft GDI Heap Overflow Vulnerability (MS08-021)
  Sources: Microsoft Security Bulletin MS08-021
  Vulnerable Systems: Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows 2003 Server x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista and Windows Vista SP1
Windows Vista for x64-based Systems
Windows Vista SP1 for x64-based Systems
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 (Itanium)
     
CPAI-2008-050
  Date:
  Severity:
  Description: Update Protection against Microsoft Internet Explorer hxvz.dll Remote Code Execution Vulnerability (MS08-023)
  Sources: Microsoft Security Bulletin MS08-023
  Vulnerable Systems: Internet Explorer 7
Internet Explorer 6
Windows 2000 SP4 with Internet Explorer 5.01 SP4
     
CPAI-2008-049
  Date:
  Severity:
  Description: Update Protection against Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability (MS08-022)
  Sources: Microsoft Security Bulletin MS08-022
  Vulnerable Systems: VBScript 5.6
JScript 5.6
     
CPAI-2008-048
  Date:
  Severity:
  Description: Update Protection against Microsoft Project Remote Code Execution Vulnerability (MS08-018)
  Sources: Microsoft Security Bulletin MS08-018
  Vulnerable Systems: Microsoft Office Project 2000 SP3
Microsoft Office Project 2002 SP3
Microsoft Office Project 2003 SP2
Microsoft Office Project 2003 SP3
     
CPAI-2008-067
  Date:
  Severity:
  Description: Update Protections against Recent Malware Threats (30-Apr-08)
  Sources: http://www.emsisoft.com/en/malware/?Adware.Win32.MusicOfFaith
http://spywarefiles.prevx.com/spywarefiles.asp?FXC=DJFC24641892
http://spywaresignatures.com/details.php?spyware=mxs.toolbar
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2008-066
  Date:
  Severity:
  Description: Update Protection against Motorola Timbuktu Crafted Login Request Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA26588
  Vulnerable Systems: Motorola Timbuktu Pro 8.6.3 and prior
     
CPAI-2008-209
  Date:
  Severity:
  Description: Update Protection against Buffer Overflow Vulnerability in Common Unix Printing System (CUPS)
  Sources: FRSIRT:ADV-2008-1059
SECTRACK:1019739
BID:28544
  Vulnerable Systems: Unix systems running CUPS 1.3.6
     
CPAI-2008-062
  Date:
  Severity:
  Description: Update Protection against Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow Vulnerability
  Sources: FrSIRT/ADV-2007-3011
  Vulnerable Systems: Yahoo! Services Suite for Yahoo! Messenger before 8.1.0.419
     
CPAI-2008-061
  Date:
  Severity:
  Description: Update Protection against RealNetworks RealPlayer Playlist Handling Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA27248
  Vulnerable Systems: RealNetworks RealPlayer 10.5
RealNetworks RealPlayer 11 beta
     
CPAI-2008-058
  Date:
  Severity:
  Description: Update Protection against Facebook Photo Uploader ActiveX Control FileMask Method Buffer Overflow Vulnerability
  Sources: SecurityFocus: 27756
  Vulnerable Systems: Facebook Photo Uploader 4.5.57.0 and prior
     
CPAI-2008-057
  Date:
  Severity:
  Description: Update Protection against Symantec Backup Exec ActiveX Control Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA27885
  Vulnerable Systems: Symantec Backup Exec for Windows Server (BEWS) 11d Build 11.0.6235
Symantec Backup Exec for Windows Server (BEWS) 11d Build 11.0.7170
Symantec Backup Exec for Windows Server (BEWS) 12.0 Build 12.0.1364
     
CPAI-2008-056
  Date:
  Severity:
  Description: Update Protection against Multiple Yahoo! Music Jukebox ActiveX Control Buffer Overflow Vulnerabilities
  Sources: Secunia Advisory: SA28757
  Vulnerable Systems: Yahoo! Music Jukebox 2.2.2.056 and prior
     
CPAI-2008-055
  Date:
  Severity:
  Description: Update Protection against Novell iPrint Client ActiveX Control Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA27994
  Vulnerable Systems: Novell iPrint Client for Windows prior to 4.34
     
CPAI-2008-052
  Date:
  Severity:
  Description: Preemptive Protection against Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020)
  Sources: Microsoft Security Bulletin MS08-020
  Vulnerable Systems: Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista x64 Edition
     
CPAI-2008-051
  Date:
  Severity:
  Description: Update Protections against Recent Malware Threats (1-Apr-08)
  Sources: http://www.enigmasoftware.com/support/?s=mobrules
http://spywaredetector.net/spyware_encyclopedia/ToolBar.ZZToolbar.htm
http://www.browserdefender.com/file/404730/site/chinarank.org.cn/
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2008-065
  Date:
  Severity:
  Description: Update Protection against HP OpenView Products OVTrace Service Stack Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA26394
  Vulnerable Systems: HP OpenView Business Process Insight (OVBPI) 1.x
HP OpenView Business Process Insight (OVBPI) 2.x
HP OpenView Dashboard 2.x
HP OpenView Internet Service (OVIS) 6.x
HP OpenView Network Node Manager 6.x
HP OpenView Network Node Manager 7.x
HP OpenView Operations Manager for Windows (OVOW) 7.x
HP OpenView OVO Agents 8.x
HP OpenView Performance Agent (OVPA) 4.x
HP OpenView Performance Insight (OVPI) 5.x
HP OpenView Performance Manager (OVPM) 5.x
HP OpenView Performance Manager (OVPM) 6.x
HP OpenView Quality Manager (OV SQM) 1.x
HP OpenView Reporter 3.x
HP OpenView Service Desk Process Insight (SDPI) 1.x
HP OpenView Service Desk Process Insight (SDPI) 2.x
HP OpenView Operations HTTPS Agent 8.x
HP OpenView Service Quality Manager (OV SQM) 1.x
     
CPAI-2008-063
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.221.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2008-060
  Date:
  Severity:
  Description: Update Protection against Borland InterBase Database Service Create-Request Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA26189
  Vulnerable Systems: Borland InterBase 2007 Prior to SP2
     
CPAI-2008-059
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.220.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
Defense Updates
CPAI-2008-067
  Date:
  Update Number: 692080429 (Connectra NGX R61/R62)
591080429 (VPN-1 NGX R60)
602080429 (VPN-1 NGX R61/R62/R65)
541080429 (VPN-1 NGX R54/R55)
602080429 (VPN-1 VSX NGX)
602080429 (VPN-1 VSX NGX R65)
592080429 (InterSpect NGX)

  Description: Protections against Recent Malware Threats (30-Apr-08)
     
CPAI-2008-066
  Date:
  Update Number: 692080429 (Connectra NGX R61/R62)
591080429 (VPN-1 NGX R60)
602080429 (VPN-1 NGX R61/R62/R65)
541080429 (VPN-1 NGX R54/R55)
602080429 (VPN-1 VSX NGX R65)
592080429 (InterSpect NGX)
  Description: Motorola Timbuktu Crafted Login Request Buffer Overflow Protection
     
CPAI-2008-065
  Date:
  Update Number: 692080429 (Connectra NGX R61/R62)
591080429 (VPN-1 NGX R60)
602080429 (VPN-1 NGX R61/R62/R65)
541080429 (VPN-1 NGX R54/R55)
602080429 (VPN-1 VSX NGX)
602080429 (VPN-1 VSX NGX R65)
592080429 (InterSpect NGX)
  Description: HP OpenView Products OVTrace Service Stack Buffer Overflow Protection
     
CPAI-2008-064
  Date:
  Update Number: 692080429 (Connectra NGX R61/R62)
591080429 (VPN-1 NGX R60)
602080429 (VPN-1 NGX R61/R62/R65)
541080429 (VPN-1 NGX R54/R55)
602080429 (VPN-1 VSX NGX R65)
592080429 (InterSpect NGX)
  Description: HP OpenView Network Node Manager Message Handling Buffer Overflow Protection
     
CPAI-2008-062
  Date:
  Update Number: 591080421 (VPN-1 NGX R60)
602080421 (VPN-1 NGX R61/R62/R65)
541080421 (VPN-1 NGX R54/R55)
602080421 (VPN-1 VSX NGX)
602080421 (VPN-1 VSX NGX R65)
592080421 (InterSpect NGX)
  Description: Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow Protection
     
CPAI-2008-061
  Date:
  Update Number: 591080421 (VPN-1 NGX R60)
602080421 (VPN-1 NGX R61/R62/R65)
541080421 (VPN-1 NGX R54/R55)
602080421 (VPN-1 VSX NGX)
602080421 (VPN-1 VSX NGX R65)
592080421 (InterSpect NGX)
  Description: RealNetworks RealPlayer Playlist Handling Buffer Overflow Protection
     
CPAI-2008-060
  Date:
  Update Number: 692080421 (Connectra NGX R61/R62)
591080421 (VPN-1 NGX R60)
602080421 (VPN-1 NGX R61/R62/R65)
541080421 (VPN-1 NGX R54/R55)
602080421 (VPN-1 VSX NGX)
602080421 (VPN-1 VSX NGX R65)
592080421 (InterSpect NGX)
  Description: Borland InterBase Database Service Create-Request Buffer Overflow Protection
     
CPAI-2008-058
  Date:
  Update Number: 591080416 (VPN-1 NGX R60)
602080416 (VPN-1 NGX R61/R62/R65)
541080416 (VPN-1 NGX R54/R55)
602080416 (VPN-1 VSX NGX)
602080416 (VPN-1 VSX NGX R65)
592080416 (InterSpect NGX)
  Description: Facebook Photo Uploader ActiveX Control FileMask Method Buffer Overflow Protection
     
CPAI-2008-057
  Date:
  Update Number: 591080416 (VPN-1 NGX R60)
602080416 (VPN-1 NGX R61/R62/R65)
541080416 (VPN-1 NGX R54/R55)
602080416 (VPN-1 VSX NGX)
602080416 (VPN-1 VSX NGX R65)
592080416 (InterSpect NGX)
  Description: Symantec Backup Exec ActiveX Control Buffer Overflow Protection
     
CPAI-2008-056
  Date:
  Update Number: 591080416 (VPN-1 NGX R60)
602080416 (VPN-1 NGX R61/R62/R65)
541080416 (VPN-1 NGX R54/R55)
602080416 (VPN-1 VSX NGX)
602080416 (VPN-1 VSX NGX R65)
592080416 (InterSpect NGX)
  Description: Multiple Yahoo! Music Jukebox ActiveX Control Buffer Overflow Protection
     
CPAI-2008-055
  Date:
  Update Number: 591080416 (VPN-1 NGX R60)
602080416 (VPN-1 NGX R61/R62/R65)
541080416 (VPN-1 NGX R54/R55)
602080416 (VPN-1 VSX NGX)
602080416 (VPN-1 VSX NGX R65)
592080416 (InterSpect NGX)
  Description: Novell iPrint Client ActiveX Control Buffer Overflow Protection
     
CPAI-2008-059
  Date:
  Update Number: 692080415 (Connectra NGX R61/R62)
691080415 (Connectra NGX R60)
  Description: Integrity Clientless Security (ICS) Update 3.7.220.0
     
CPAI-2008-054
  Date:
  Update Number: 591080408 (VPN-1 NGX R60)
602080408 (VPN-1 NGX R61/R62/R65)
602080408 (VPN-1 VSX NGX R65)
  Description: Microsoft GDI Stack Overflow Protection (MS08-021)
     
CPAI-2008-053
  Date:
  Update Number: 591080408 (VPN-1 NGX R60)
602080408 (VPN-1 NGX R61/R62/R65)
602080408 (VPN-1 VSX NGX R65)
  Description: Microsoft GDI Heap Overflow Protection (MS08-021)
     
CPAI-2008-050
  Date:
  Update Number: 591080408 (VPN-1 NGX R60)
602080408 (VPN-1 NGX R61/R62/R65)
602080408 (VPN-1 VSX NGX R65)
  Description: Microsoft Internet Explorer hxvz.dll Code Execution Protection (MS08-023)
     
CPAI-2008-049
  Date:
  Update Number: 591080408 (VPN-1 NGX R60)
602080408 (VPN-1 NGX R61/R62/R65)
541080408 (VPN-1 NGX R54/R55)
602080408 (VPN-1 VSX NGX)
602080408 (VPN-1 VSX NGX R65)
592080408 (InterSpect NGX)
  Description: Microsoft VBScript and JScript Scripting Engines Protection (MS08-022)
     
CPAI-2008-048
  Date:
  Update Number: 591080408 (VPN-1 NGX R60)
602080408 (VPN-1 NGX R61/R62/R65)
602080408 (VPN-1 VSX NGX R65)
  Description: Microsoft Project Remote Code Execution Protection (MS08-018)
     
CPAI-2008-051
  Date:
  Update Number: 591080401 (VPN-1 NGX R60)
602080401 (VPN-1 NGX R61/R62/R65)
541080401 (VPN-1 NGX R54/R55)
602080401 (VPN-1 VSX NGX)
602080401 (VPN-1 VSX NGX R65)
592080401 (InterSpect NGX)
  Description: Protections against Recent Malware Threats (1-Apr-08)
     
SDS Footer

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).

Copyright 2003-2008 Check Point Software Technologies LTD (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065