»Top Protections

Adobe Flash Media Server Vulnerability
(APSB09-18, CVE-2009-3792)

A directory traversal vulnerability has been discovered in Adobe Flash Media Server (FMS). This vulnerability allows a hacker to access normally inaccessible files and directories through a specially created HTTP request. This protection will detect and block attempts to transfer malformed HTTP requests sent to the vulnerable server. No update is required to address this vulnerability. Check Point pre-emptive protection is available through its integrated IPS products, IPS Software Blade, and SmartDefense. More information.

Microsoft IIS File Parsing Vulnerability
(Microsoft Security Response Center, SecurityTracker Alert ID: 1023387)

A filename parsing vulnerability has been reported in Microsoft Internet Information Services (IIS) web server. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system. Check Point provides immediate protection against exploits that use this vulnerability through its integrated IPS products. Check Point IPS Software Blade and SmartDefense detect and block HTTP requests attempting to exploit this vulnerability. More information.

HP OpenView Network Node Manager Vulnerabilities
(HP Security Bulletin)

Severalvulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM). The NNM server controls most of the networking devices on the company network. These vulnerabilities can be exploited remotely to execute arbitrary code or crash an affected system. Check Point provides pre-emptive protection against some of these vulnerabilities as well as immediate protections to other NNM attacks through its integrated IPS offerings, IPS Software Blade and SmartDefense. More information.
January 12, 2010

IN THIS ADVISORY:

  • Adobe Flash Media Server Vulnerability
  • Microsoft IIS File Parsing Vulnerability
  • HP OpenView Network Node Manager Vulnerabilities


  • Save a Database Version before an IPS Update


  • Including Patch Tuesday

DEPLOYMENT TIP
Best Practice: Save a Database Version before an IPS Update
SmartDashboard allows you to manage different versions of the database for troubleshooting and diagnostics. A database version consists of all security policies, objects, users, and IPS protections. With R70 Security Gateway you can control your database versions by activating the Database Revision Control option directly from the IPS Download Updates window. This saves you the extra work of configuring it through the Database Revision Control window and automatically saves the database version you were working on before doing the update. Restoring a database version reverts the database back to the state that it was in before the update was performed.

To activate automatic revision control:
  1. In the IPS tab, select Download Updates.
  2. Check the Apply Revision Control: Before update save changes and create database version option.

Version Operations are performed via the Database Revision Control window. This window can be accessed by selecting File > Database Revision Control.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

SeverityVulnerability DescriptionCheck Point Protection
IssuedIndustry ReferenceCheck Point Reference
NumberCriticalEmbedded OpenType Font Heap Overflow 12-Jan-10MS10-001
CVE-2010-0018SBP-2010-03CriticalAdobe Reader and Acrobat Doc.media.newPlayer Memory Corruption 13-Mar-08APSA09-07
CVE-2009-4324CPAI-2009-295CriticalAdobe Flash Media Server Directory Traversal08-Sep-05APSB09-18
CVE-2009-3792CPAI-2009-330CriticalAdobe Flash Media Server Resource Exhaustion Denial of Service 23-Dec-09APSB09-18
CVE-2009-3791CPAI-2009-255CriticalAdobe Flash Player File Existence Information Disclosure 09-Dec-09APSB09-19
CVE-2009-3951CPAI-2009-271CriticalAdobe Flash Player JPEG Dimensions Data Parsing Heap Overflow 09-Dec-09APSB09-19
CVE-2009-3794CPAI-2009-269CriticalHP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow01-Jul-04CVE-2009-4177CPAI-2009-311CriticalHP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow01-Jul-04CVE-2009-4180CPAI-2009-310CriticalHP Operations Manager Server Unauthorized File Upload03-Jan-10CVE-2009-3843CPAI-2009-312CriticalHP OpenView Network Node Manager ovalarm.exe Accept-Language Buffer Overflow03-Jan-10CVE-2009-4179CPAI-2009-314CriticalOracle Database Server CREATE_TABLES SQL Injection23-Dec-09CVE-2009-1991CPAI-2009-297CriticalIBM Tivoli Storage Manager Client CAD Service Buffer Overflow12-Dec-09CVE-2009-3853CPAI-2009-307HighMicrosoft IIS Filename Extension Parsing Security Bypass 28-Dec-09N/ACPAI-2009-331
More Updates >


Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?




» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.


You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.



Read Check Point's Privacy Policy
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065