|»Hot SmartDefense Protection Reminder
Microsoft Image Format Handling Vulnerabilities
Microsoft image handling vulnerabilities can be exploited by using malformed versions of the popular image file types GIF, WMF, EMF and BMP. Microsoft’s GDI+ fails to handle these maliciously-crafted image files. By persuading a user to open the file, an attacker can take complete control of an affected system. For information on how SmartDefence protects your network from these threats see Microsoft Image Format Handling Vulnerabilities.
Apache Tomcat Directory Traversal Vulnerability (CVE-2008-2938)
This vulnerability allows a hacker to access normally-inaccessible files and directories through a specially-created HTTP request. For most Check Point products, SmartDefense has protected against this vulnerability since July 16, 2006. For more information, see CPAI-2008-134.
Multi-Vendor DNS Spoofing
(CVE-2008-1447) This vulnerability continues to be a concern as attacks based on it have surfaced. This DNS cache poisoning technique exploits DNS requests that do not randomize source ports.The spoofing vulnerability has been reported in major DNS implementations, including Microsoft Windows DNS service and Berkeley Internet Name Domain (BIND). Check Point SmartDefense protections for DNS have been available since May 2004. We strongly encourage our customers to take the necessary steps to protect their network infrastructure. For more information, see DNS Vulnerability Spoofing Protection.
September 9, 2008
IN THIS ADVISORY:
- Microsoft Image Format Handling Vulnerabilities
- Apache Tomcat Traversal Vulnerability
- Multi-Vendor DNS Spoofing
- Controlling Remote Access
|» Highlighted SmartDefense Updates
This table lists SmartDefense protection updates for recently disclosed threats. In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
More SmartDefense Updates >
» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point
products through the Check Point SmartCenter management interface.
Best Practice: Controlling Remote Access
More security breaches occur by an attacker connecting to remote access servers inside a network than by any other means.* Because this access appears legitimate, you may not even realize that your security has been compromised. SmartDefense offers a number of protections against this attack vector, including:
- Remote Administrator Authentication Enforcement
This protection enforces the proper usage of the widely-used remote access application, Remote Administrator. This protection requires that any Remote Administrator session is authenticated via username and password.
- Block VNC Authentication Bypass
This protection guards against vulnerabilities in the popular remote access application Virtual Network Computing (VNC). With this protection you can configure SmartDefense to block unauthenticated negotiations between the VNC client and server. For more information about this protection, see CPAI-2006-071.
You can configure these Remote Control application protections in SmartDashboard:
* Verizon 2008 Data Breach Investigations Report
- Click the SmartDefense tab.
- Click Application Intelligence > Remote Control Applications.
- Activate the protections
|Have SmartDefense feature questions?
Participate in the new SmartDefense User
Forum. The SmartDefense Forum is your
space for asking questions regarding all
SmartDefense features. The role of this
forum is to allow SmartDefense users to collaborate with other SmartDefense users,
worldwide, on SmartDefense-related issues. Check Point employees may monitor
the forum and provide information on the issues posted.
» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are
integrated into Check Point products. SmartDefense is updated by SmartDefense
Services, which provide ongoing and real-time updates and configuration advisories
for defenses and security policies. SmartDefense also helps to minimize threats
by providing defenses that can be used before vendor supplied patches become
available or are fully installed throughout the network. SmartDefense protections
are developed and distributed by SmartDefense Research and Response Centers
located around the globe.
For additional information about SmartDefense and SmartDefense Services, please
visit the SmartDefense section of the Check Point Website.
Archived SmartDefense Security Advisories >
|You have received this notification because either you have a User Center account or you have subscribed to the SmartDefense Newsletter. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.
©2003-2008 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065