July 2008 SmartDefense Services Bulletin

SmartDefense Services Bulletin

July 2008

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

In This Bulletin

About SmartDefense Services
What's New
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

Preemptive, ongoing, and real-time updates to defenses and security policies
Ongoing new protocol and application defenses against emerging threats and attacks
Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
Messaging Security updates (providing comprehensive protection for email infrastructures) for UTM-1 Total Security appliances and VPN-1 UTM Total Security software licenses
Anti-virus updates and alerts for Check Point VPN-1 UTM
Anti-spyware updates for Check Point Endpoint Security
Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Check Point Endpoint Security)

What's New

New SmartDefense User Forum
Participate in the new SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features. The role of this forum is to allow SmartDefense users to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the Forum and provide information on the issues posted.

Security Advisory: SmartDefense Provides Preemptive Protection against Multi-Vendor DNS Vulnerability
The latest DNS cache poisoning technique, announced by CERT on July 8, 2008, exploits DNS requests that do not randomize source ports (CVE-2008-1447). The spoofing vulnerability has been reported in major DNS implementations, including Microsoft Windows DNS service and Berkeley Internet Name Domain (BIND). Check Point VPN-1 Power/UTM and Connectra protect customers from the attack by using SmartDefense DNS request scrambling, which has been available to customers since March 2005. For more information on this threat, refer to SmartDefense Services Advisory CPAI-2008-092.

Security Advisory: Protections against Apple Safari Remote Code Execution on Windows and Related Vulnerabilities
The widely reported vulnerability affects users of Windows XP and Vista when Apple’s Safari for Windows is installed. However, the underlying vulnerability deals with how Windows handles dynamic link libraries (DLLs) and is more serious. Apple issued a patch on June 19th for the Safari-specific vulnerability. Microsoft has not released a patch for the broader DLL threat, which is a blended threat in which files may be downloaded to a machine without prompting, allowing them to be executed. SmartDefense Services Update CPAI-2008-082, issued on June 2, provides protection not only from the Safari instance of the DLL threats but other exploits that may try to utilize the broader vulnerability.

New SmartDefense Microsoft Security Page
A dedicated SmartDefense web section with details and links for Microsoft vulnerabilities and related Check Point defenses.SmartDefense protections can secure the period between release of a Microsoft patch and the time that the patch is successfully applied throughout your network infrastructure. Visit the SmartDefense Microsoft Security Page for additional information.

Messaging Security -- Protect your Email Infrastructure
Check Point Messaging Security provides comprehensive protection for an organization's email infrastructure with multiple dimensions of defense, including: anti-spam, IP reputation checks, mail antivirus, malware protection, etc. Messaging Security is available as part of Check Point UTM-1 Total Security offerings Visit the Messaging Security site for more information.

Advisories (Sorted by Severity, then Date)


CPAI-2008-076
	Date:
	Severity:
	Description:	Update Protection against Microsoft Windows Media Player SAMI Format Parsing Vulnerability (MS08-033)
	Sources:	Microsoft Security Bulletin MS08-033
	Vulnerable Systems:	Microsoft Windows 2000 SP4 Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 (Itanium) Windows Server 2003 with SP2 (Itanium) Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 (Itanium)

CPAI-2008-212
	Date:
	Severity:
	Description:	Update Protection against Computer Associates (CA) ARCserve Backup Software for Laptops and Desktops Buffer Overflow Vulnerability
	Sources:	SECTRACK:1019788 SREASON:3800
	Vulnerable Systems:	CA BrightStor ARCserve Backup for Laptops and Desktops 11.0 CA BrightStor ARCserve Backup for Laptops and Desktops 11.1 CA BrightStor ARCserve Backup for Laptops and Desktops 11.1 SP1 and SP2 CA BrightStor ARCserve Backup Laptops Desktops 11.5 CA Desktop Management Suite 11.1 CA Desktop Management Suite 11.2 English CA Desktop Management Suite 11.2 Localized

CPAI-2008-082
	Date:
	Severity:
	Description:	Update Protection against Apple Safari on Windows Platform Remote Code Execution Vulnerability (MS09-015)
	Sources:	Microsoft Security Advisory (953818) Microsoft Security Bulletin MS09-015
	Vulnerable Systems:	Internet Explorer 6 Internet Explorer 7 Microsoft Windows XP SP2 Microsoft Windows XP SP3 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows Vista Microsoft Windows Vista SP1 Microsoft Windows Vista x64 Edition Microsoft Windows Vista x64 Edition SP1

CPAI-2008-090
	Date:
	Severity:
	Description:	Preemptive Protection against CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability
	Sources:	Secunia Advisory: SA30518
	Vulnerable Systems:	CA eTrust Secure Content Manager 8

CPAI-2008-084
	Date:
	Severity:
	Description:	Update Protection against IBM Lotus Domino Web Server HTTP Header Buffer Overflow Vulnerability
	Sources:	Secunia Advisory: SA30310
	Vulnerable Systems:	IBM Lotus Domino 6 IBM Lotus Domino 6.5 IBM Lotus Domino 7.0.x prior to 7.0.3 Fix Pack 1 (FP1) IBM Lotus Domino 8.0.x prior to 8.0.1

CPAI-2008-081
	Date:
	Severity:
	Description:	Update Protection against Microsoft Active Directory Denial of Service Vulnerability (MS08-035)
	Sources:	Microsoft Security Bulletin MS08-035
	Vulnerable Systems:	Microsoft Windows 2000 Server SP4 Windows XP Professional SP2 Windows XP Professional SP3 Windows XP Professional x64 Edition Windows XP Professional Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 (Itanium) Windows Server 2003 with SP2 (Itanium) Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 (Itanium)

CPAI-2008-079
	Date:
	Severity:
	Description:	Update Protection against PGM Invalid Length Vulnerability (MS08-036)
	Sources:	Microsoft Security Bulletin MS08-036
	Vulnerable Systems:	Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 (Itanium) Windows Server 2003 with SP2 (Itanium) Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 (Itanium)

CPAI-2008-077
	Date:
	Severity:
	Description:	Update Protection against Microsoft WINS Remote Code Execution Vulnerability (MS08-034)
	Sources:	Microsoft Security Bulletin MS08-034
	Vulnerable Systems:	Microsoft Windows 2000 Server SP4 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 SP1 (Itanium) Windows Server 2003 SP2 (Itanium)

CPAI-2008-211
	Date:
	Severity:
	Description:	Update Protection Against Computer Associates (CA) Product Alert Notifications Server Multiple Buffer Overflow Vulnerabilities
	Sources:	SECUNIA:29665
	Vulnerable Systems:	CA Anti-Virus for the Enterprise 7.1 CA Anti-Virus for the Enterprise 8.0 CA Anti-Virus for the Enterprise 8.1 CA BrightStor ARCserve Backup 11.0 CA BrightStor ARCserve Backup 11.1 CA BrightStor ARCserve Backup 11.5 CA Threat Manager for the Enterprise 8.0 CA Threat Manager for the Enterprise 8.1

CPAI-2008-075
	Date:
	Severity:
	Description:	Update Protections against Recent Malware Threats (1-Jun-08)
	Sources:	Trojan.eCodec AdWare.Win32.Ejik.bc
	Vulnerable Systems:	Microsoft Windows clients

CPAI-2008-074
	Date:
	Severity:
	Description:	Update Protection against Novell eDirectory HTTP Headers Denial of Service Vulnerability
	Sources:	Secunia Advisory: SA29805
	Vulnerable Systems:	Novell eDirectory prior to 8.7.3 sp10 Novell eDirectory prior to 8.8.2

CPAI-2008-073
	Date:
	Severity:
	Description:	Update Protection against Linux Kernel IPv6 over IPv4 Memory Leak Denial of Service Vulnerability
	Sources:	Secunia Advisory: SA30241
	Vulnerable Systems:	Linux Kernel Project Kernel prior to 2.6.25.3

CPAI-2008-083
	Date:
	Severity:
	Description:	Integrity Clientless Security (ICS) Update 3.7.231.0
	Sources:	SmartDefense Research Center
	Vulnerable Systems:	Microsoft Windows clients

CPAI-2008-080
	Date:
	Severity:
	Description:	Update Protection against PGM Malformed Fragment Vulnerability (MS08-036)
	Sources:	Microsoft Security Bulletin MS08-036
	Vulnerable Systems:	Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 (Itanium) Windows Server 2003 with SP2 (Itanium) Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 (Itanium)

CPAI-2008-078
	Date:
	Severity:
	Description:	Update Protection against Microsoft ActiveX Object Memory Corruption Vulnerability (MS08-032)
	Sources:	Microsoft Security Bulletin MS08-032
	Vulnerable Systems:	Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows XP SP3 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 x64 Edition Microsoft Windows Server 2003 x64 Edition SP2 Microsoft Windows Server 2003 with SP1 (Itanium) Microsoft Windows Server 2003 with SP2 (Itanium) Microsoft Windows Vista Microsoft Windows Vista SP1 Microsoft Windows Vista x64 Edition Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Server 2008 for 32-bit Systems Microsoft Windows Server 2008 for x64-based Systems Microsoft Windows Server 2008 for (Itanium)

Defense Updates


CPAI-2008-084
	Date:
	Update Number:	692080618 (Connectra NGX R61/R62) 591080618 (VPN-1 NGX R60) 602080618 (VPN-1 NGX R61/R62/R65) 602080618 (VPN-1 VSX NGX) 602080618 (VPN-1 VSX NGX R65) 592080618 (InterSpect NGX)
	Description:	IBM Lotus Domino Web Server HTTP Header Buffer Overflow Protection


CPAI-2008-081
	Date:
	Update Number:	692080618 (Connectra NGX R61/R62) 591080618 (VPN-1 NGX R60) 602080618 (VPN-1 VSX NGX) 592080618 (InterSpect NGX)
	Description:	Microsoft Active Directory Denial of Service Protection (MS08-035)


CPAI-2008-080
	Date:
	Update Number:	692080618 (Connectra NGX R61/R62) 591080618 (VPN-1 NGX R60) 602080618 (VPN-1 VSX NGX) 592080618 (InterSpect NGX)
	Description:	PGM Malformed Fragment Protection (MS08-036)


CPAI-2008-079
	Date:
	Update Number:	692080618 (Connectra NGX R61/R62) 591080618 (VPN-1 NGX R60) 602080618 (VPN-1 VSX NGX) 592080618 (InterSpect NGX)
	Description:	PGM Invalid Length Protection (MS08-036)


CPAI-2008-078
	Date:
	Update Number:	591080618 (VPN-1 NGX R60) 602080618 (VPN-1 VSX NGX) 592080618 (InterSpect NGX)
	Description:	Microsoft ActiveX Object Memory Corruption Protection (MS08-032)


CPAI-2008-077
	Date:
	Update Number:	692080618 (Connectra NGX R61/R62) 591080618 (VPN-1 NGX R60) 602080618 (VPN-1 VSX NGX) 592080618 (InterSpect NGX)
	Description:	Microsoft WINS Remote Code Execution Protection (MS08-034)


CPAI-2008-076
	Date:
	Update Number:	591080618 (VPN-1 NGX R60) 602080618 (VPN-1 VSX NGX) 592080618 (InterSpect NGX)
	Description:	Microsoft Windows Media Player SAMI Format Parsing Protection (MS08-033)


CPAI-2008-083
	Date:
	Update Number:	692080616(Connectra NGX R61/R62) 691080616 (Connectra NGX R60)
	Description:	Integrity Clientless Security (ICS) Update 3.7.231.0


CPAI-2008-081
	Date:
	Update Number:	602080605 (VPN-1 NGX R61/R62/R65) 602080605 (VPN-1 VSX NGX R65)
	Description:	Microsoft Active Directory Denial of Service Protection (MS08-035)


CPAI-2008-080
	Date:
	Update Number:	602080605 (VPN-1 NGX R61/R62/R65) 602080605 (VPN-1 VSX NGX R65)
	Description:	PGM Malformed Fragment Protection (MS08-036)


CPAI-2008-079
	Date:
	Update Number:	602080605 (VPN-1 NGX R61/R62/R65) 602080605 (VPN-1 VSX NGX R65)
	Description:	PGM Invalid Length Protection (MS08-036)


CPAI-2008-078
	Date:
	Update Number:	602080605 (VPN-1 NGX R61/R62/R65) 602080605 (VPN-1 VSX NGX R65)
	Description:	Microsoft ActiveX Object Memory Corruption Protection (MS08-032)


CPAI-2008-077
	Date:
	Update Number:	602080605 (VPN-1 NGX R61/R62/R65) 602080605 (VPN-1 VSX NGX R65)
	Description:	Microsoft WINS Remote Code Execution Protection (MS08-034)


CPAI-2008-076
	Date:
	Update Number:	602080605 (VPN-1 NGX R61/R62/R65) 602080605 (VPN-1 VSX NGX R65)
	Description:	Microsoft Windows Media Player SAMI Format Parsing Protection (MS08-033)


CPAI-2008-082
	Date:
	Update Number:	692080602 (Connectra NGX R61/R62) 591080602 (VPN-1 NGX R60) 602080602 (VPN-1 NGX R61/R62/R65) 602080602 (VPN-1 VSX NGX) 602080602 (VPN-1 VSX NGX R65) 592080602 (InterSpect NGX) 506080602 (IPS-1)
	Description:	Apple Safari on Windows Platform Remote Code Execution Protection


CPAI-2008-075
	Date:
	Update Number:	591080528 (VPN-1 NGX R60) 602080528 (VPN-1 NGX R61/R62/R65) 541080528 (VPN-1 NGX R54/R55) 602080528 (VPN-1 VSX NGX) 602080528 (VPN-1 VSX NGX R65) 592080528 (InterSpect NGX)
	Description:	Protections against Recent Malware Threats (1-Jun-08)


CPAI-2008-074
	Date:
	Update Number:	692080528 (Connectra NGX R61/R62) 591080528 (VPN-1 NGX R60) 541080528 (VPN-1 NGX R54/R55) 602080528 (VPN-1 NGX R61/R62/R65) 602080528 (VPN-1 VSX NGX) 602080528 (VPN-1 VSX NGX R65) 592080528 (InterSpect NGX)
	Description:	Novell eDirectory HTTP Headers Denial of Service Protection


CPAI-2008-073
	Date:
	Update Number:	692080528 (Connectra NGX R61/R62) 591080528 (VPN-1 NGX R60) 541080528 (VPN-1 NGX R54/R55) 602080528 (VPN-1 NGX R61/R62/R65) 602080528 (VPN-1 VSX NGX) 602080528 (VPN-1 VSX NGX R65) 592080528 (InterSpect NGX)
	Description:	Linux Kernel IPv6 over IPv4 Memory Leak Denial of Service Protection

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).