content filtering

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface

``The ZyWALL USG (Unified Security Gateway) Series is the "third
generation" ZyWALL featuring an all-new platform. It provides greater
performance protection, as well as a deep packet inspection security
solution for small businesses to enterprises alike. It embodies a
Stateful Packet Inspection (SPI) firewall, Anti-Virus, Intrusion
Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN
(IPSec/SSL/L2TP) in one box. This multilayered security safeguards your
organization's customer and company records, intellectual property, and
critical resources from external and internal threats.''

(From the vendor's homepage)

[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances

``The ZyWALL USG (Unified Security Gateway) Series is the "third
generation" ZyWALL featuring an all-new platform. It provides greater
performance protection, as well as a deep packet inspection security
solution for small businesses to enterprises alike. It embodies a
Stateful Packet Inspection (SPI) firewall, Anti-Virus, Intrusion
Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN
(IPSec/SSL/L2TP) in one box. This multilayered security safeguards your
organization's customer and company records, intellectual property, and
critical resources from external and internal threats.''

(From the vendor's homepage)

[FG-VD-10-020] Adobe Flash Player Remote Memory corruption Vulnerability

    * Users should apply the solution provided by Adobe (APSB10-26: http://www.adobe.com/support/security/bulletins/apsb10-26.html).

    * FortiGuard Labs released a signature to protect against this vulnerability.


Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle. 

References: 

Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-26.html
CVE ID: CVE-2010-3637 (FG-VD-10-020) 

iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability

by removing, or commenting out, the line referencing "wp6sr.dll" from
the "KeyView.ini" file within the Lotus Notes program directory.
Deleting "wp6sr.dll" from the affected system will also prevent
exploitation.

For Symantec Mail Security, disabling "content filtering" will prevent
exploitation.

Additional workarounds are available from the individual vendors'
advisories referenced below.


FGA-2008-23: EMC NetWorker Denial of Service Vulnerability

Solutions:

Use the solution provided by EMC http://powerlink.emc.com/
The FortiGuard Global Security Research Team released a signature "EMC.Products.Malicious.Array.Count.DoS", which covers this specific vulnerability

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this <vulnerability type>. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:

http://powerlink.emc.com/
http://www.fortiguardcenter.com/advisory/FGA-2008-23.html

Fortinet Advisory: Fortinet Discovers Vulnerability in Indeo Codec

Solutions:
•       Use the solution provided by Microsoft (Microsoft Security Advisory 954157).
•       FortiGuard Labs released a signature "MS.Windows.Indeo.Codec.Memory.Corruption", which covers this specific vulnerability.
FortiGuard Labs continues to monitor attacks against this vulnerability. 

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this memory corruption vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle. 

References: 
•       Microsoft Security Advisory: http://www.microsoft.com/technet/security/advisory/954157.MSpx
•       Microsoft Knowledge Base Article: http://support.microsoft.com/kb/954157
•       CVE ID: CVE-2009-4210

FortiGuard Advisory: Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability

Solutions:
==========
Use the solution provided by Adobe (APSB09-07).
The FortiGuard Global Security Research Team released the IPS signature "Adobe.Reader.Acrobat.TrueType.Font.Handling.Memory.Corruption", which covers this specific vulnerability.

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this memory corruption vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:
===========
FortiGuard Advisory: http://www.fortiguardcenter.com/advisory/FGA-2009-25.html
Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb09-07.html

Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability

Use the solution provided by Oracle http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

The FortiGuard Global Security Research Team released a signature "Oracle.NDMP.CONNECT.CLIENT.AUTH.User.ID.Buffer.Overflow" on Jan 13 2009, which covers this specific vulnerability.

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this Remote Code Execution Vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

Acknowledgement:
================

Zhenhualiu and XiaopengZhang of Fortinet's FortiGuard Global Security Research Team

Fortinet Advisory: Fortinet Discovers Microsoft Office Project Vulnerability

Solutions:
•       Use the solution provided by Microsoft (MS09-074).
•       FortiGuard Labs released a signature "MS.Project.Props.List.Memory.Corruption", which covers this specific vulnerability.
FortiGuard Labs continues to monitor attacks against this vulnerability. 

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this memory corruption vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle. 

References: 
•       Microsoft Bulletin: http://www.microsoft.com/technet/security/bulletin/ms09-074.mspx
•       CVE ID: CVE-2009-0102


Microsoft Office Excel Remote Memory Corruption Vulnerability

Solutions:
==========
Use the solution provided by Microsoft (MS09-009). 
The FortiGuard Global Security Research Team released a signature "MS.Excel.OBJ.Subrecord.Code.Execution", which covers this specific vulnerability.

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this memory corruption vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:
===========
FortiGuard Advisory: http://www.fortiguardcenter.com/advisory/FGA-2009-16.html
Microsoft Bulletin: http://www.microsoft.com/technet/security/Bulletin/ms09-009.mspx

FortiGuard Advisory: Microsoft Office Web Components Remote Memory Corruption Vulnerability

Solutions:
==========
Use the workaround solution provided by Microsoft (973472).
The FortiGuard Global Security Research Team released a signature "MS.Office.Web.Components.Memory.Corruption", which covers this specific vulnerability.

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this remote code execution vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:
===========
FortiGuard Advisory: http://www.fortiguardcenter.com/advisory/FGA-2009-27.html
Microsoft Security Advisory: http://www.microsoft.com/technet/security/advisory/973472.mspx

FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability

Solutions:
==========
Use the solution provided by Microsoft (MS09-019).
The FortiGuard Global Security Research Team released a signature "MS.IE.DHTML.Function.Remote.Code.Execution", which covers this specific vulnerability.

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this memory corruption vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:
===========
FortiGuard Advisory: http://www.fortiguardcenter.com/advisory/FGA-2009-22.html
Microsoft Bulletin: http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx

Oracle Secure Backup's observiced.exe Denial Of Service vulnerability

==========

Use the solution provided by Oracle http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this Remote Denial Of Service vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

Acknowledgement:
================

Zhenhualiu and XiaopengZhang of Fortinet's FortiGuard Global Security Research Team

FGA-2009-003: EMC RepliStor Buffer Overflow Vulnerability

    RepliStor 6.2 SP5: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R > RepliStor 6.2 SP5
    RepliStor 6.3 SP2: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R > RepliStor 6.3 SP2

    Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this buffer overflow
    vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions
    such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application 
    and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet 
    to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. 
    These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure 
    guidelines to ensure optimum protection during a threat's lifecycle. 


ZYWALL Referer Header XSS Vulnerability

Risk: Low

Description: The ZyWALL 100 is designed to act as a secure gateway via
xDSL/Cable modems or broadband routers for small to medium size
companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN
capability, MultiNAT, web pages content filtering and an embedded web
configurator for easy configuration and management.

ZyWALL web based management interface utilizes referer header for
serving 404 Error pages. The vulnerability can be exploited by
requesting a non-existing web page with a specially crafted referer

iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability

  Removing the xlssr.dll filter module from the affected system(s).
  Delete or comment out the line referencing "xlssr.dll" from the
"KeyView.ini" file distributed with the affected application.

Additionally, for Symantec Mail Security, disabling "content filtering"
will prevent exploitation.

VI. VENDOR RESPONSE

IBM has released a patch which addresses this issue in Lotus Notes. For

Oracle Secure Backup Multiple Denial Of Service vulnerabilities

==========

Use the solution provided by Oracle http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against these Remote Denial Of Service vulnerabilities. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

Acknowledgement:
================

Zhenhualiu and XiaopengZhang of Fortinet's FortiGuard Global Security Research Team

FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability

    * FortiGuard Labs released the signature "MS.IE.MergeAttributes.Remote.Code.Execution".
          o Advanced zero-day protection has been available since September 3, 2009.

FortiGuard Labs continues to monitor attacks against this vulnerability.

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:
===========
FortiGuard Advisory: http://www.fortiguard.com/advisory/FGA-2010-05.html
Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability

==========
Apple security updates are available via their Software Update mechanism.
Apple security updates are available for manual download here.
The FortiGuard Global Security Research Team released a signature "DHTML.Malicious.Table.Elements", which covers this specific vulnerability.

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this memory corruption vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle. 

References:
===========
FortiGuard Advisory: http://www.fortiguardcenter.com/advisory/FGA-2009-23.html
Apple Security Updates for Safari 4.0: http://support.apple.com/kb/HT3613

CanSecWest 2008 Mar 26-28

Vulnerabilities Die Hard - Kowsik Guruswamy, Mu

Hacking Windows Vista - Dan Griffin, JW Secure

ExeFilter: a new open-source framework for active content filtering - Philippe Lagadec, NATO/NC3A

VetNetSec: Security testing for Extremists - Eric Hacker, BT INS

w3af: A framework to own the web - Andres Riancho, Cybsec

iDefense Security Advisory 03.04.10: Autonomy KeyView OLE Document Integer Overflow Vulnerability

to be vulnerable. A full list of vulnerable Symantec products can be
found in Symantec Security Advisory SYM10-006.

V. WORKAROUND

For Symantec Mail Security, disabling "content filtering" will prevent
exploitation.

Unfortunately, disabling the affected "kvolefio.dll" library causes
additional issues. Working around this issue by disabling filters would
require all filters that utilize this module to be disabled. It is not

RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities

Solutions:
==========

The FortiGuard Global Security Research Team released the signature "RealNetworks.RealPlayer.IVR.File.Processing.Code.Execution"

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against these code execute vulnerabilities. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

Acknowledgement:
================

Haifei Li of Fortinet's FortiGuard Global Security Research Team



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
