»Top Protections

Adobe Flash Media Server Vulnerability
(APSB09-18, CVE-2009-3792)

A directory traversal vulnerability has been discovered in Adobe Flash Media Server (FMS). This vulnerability allows a hacker to access normally inaccessible files and directories through a specially created HTTP request. This protection will detect and block attempts to transfer malformed HTTP requests sent to the vulnerable server. No update is required to address this vulnerability. Check Point pre-emptive protection is available through its integrated IPS products, IPS Software Blade, and SmartDefense. More information.

Free SmartDefense 30 Day TrialMicrosoft IIS File Parsing Vulnerability
(Microsoft Security Response Center, SecurityTracker Alert ID: 1023387)

A filename parsing vulnerability has been reported in Microsoft Internet Information Services (IIS) web server. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system. Check Point provides immediate protection against exploits that use this vulnerability through its integrated IPS products. Check Point IPS Software Blade and SmartDefense detect and block HTTP requests attempting to exploit this vulnerability. More information.

HP OpenView Network Node Manager Vulnerabilities
(HP Security Bulletin)

Several vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM). The NNM server controls most of the networking devices on the company network. These vulnerabilities can be exploited remotely to execute arbitrary code or crash an affected system. Check Point provides pre-emptive protection against some of these vulnerabilities as well as immediate protections to other NNM attacks through its integrated IPS offerings, IPS Software Blade and SmartDefense. More information.
January 12, 2010

IN THIS ADVISORY:
  • Adobe Flash Media Server Vulnerability
  • Microsoft IIS File Parsing Vulnerability
  • HP OpenView Network Node Manager Vulnerabilities
  • Save a Database Version before an IPS Update
  • Including Patch Tuesday
DEPLOYMENT TIP
Best Practice: Save a Database Version before an IPS Update
SmartDashboard allows you to manage different versions of the database for troubleshooting and diagnostics. A database version consists of all security policies, objects, users, and IPS protections. With R70 Security Gateway you can control your database versions by activating the Database Revision Control option directly from the IPS Download Updates window. This saves you the extra work of configuring it through the Database Revision Control window and automatically saves the database version you were working on before doing the update. Restoring a database version reverts the database back to the state that it was in before the update was performed.

To activate automatic revision control:
  1. In the IPS tab, select Download Updates.
  2. Check the Apply Revision Control: Before update save changes and create database version option.
Best Practice: Save a Database Version before an IPS Update

Version Operations are performed via the Database Revision Control window. This window can be accessed by selecting File > Database Revision Control.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description Check Point Protection
Issued
Industry Reference Check Point Reference
Number
CriticalCritical Embedded OpenType Font Heap Overflow  12-Jan-10 MS10-001
CVE-2010-0018
SBP-2010-03
CriticalCritical Adobe Reader and Acrobat Doc.media.newPlayer Memory Corruption  13-Mar-08 APSA09-07
CVE-2009-4324
CPAI-2009-295
CriticalCritical Adobe Flash Media Server Directory Traversal 08-Sep-05 APSB09-18
CVE-2009-3792
CPAI-2009-330
CriticalCritical Adobe Flash Media Server Resource Exhaustion Denial of Service  23-Dec-09 APSB09-18
CVE-2009-3791
CPAI-2009-255
CriticalCritical Adobe Flash Player File Existence Information Disclosure  09-Dec-09 APSB09-19
CVE-2009-3951
CPAI-2009-271
CriticalCritical Adobe Flash Player JPEG Dimensions Data Parsing Heap Overflow  09-Dec-09 APSB09-19
CVE-2009-3794
CPAI-2009-269
CriticalCritical HP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow 01-Jul-04 CVE-2009-4177 CPAI-2009-311
CriticalCritical HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow 01-Jul-04 CVE-2009-4180 CPAI-2009-310
CriticalCritical HP Operations Manager Server Unauthorized File Upload 03-Jan-10 CVE-2009-3843 CPAI-2009-312
CriticalCritical HP OpenView Network Node Manager ovalarm.exe Accept-Language Buffer Overflow 03-Jan-10 CVE-2009-4179 CPAI-2009-314
CriticalCritical Oracle Database Server CREATE_TABLES SQL Injection 23-Dec-09 CVE-2009-1991 CPAI-2009-297
CriticalCritical IBM Tivoli Storage Manager Client CAD Service Buffer Overflow 12-Dec-09 CVE-2009-3853 CPAI-2009-307
CriticalHigh Microsoft IIS Filename Extension Parsing Security Bypass  28-Dec-09 N/A CPAI-2009-331

More Updates >



Have SmartDefense feature questions?
SmartDefense User ForumParticipate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories


» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.



Read Check Point's Privacy Policy
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065