Next Page >>
intrusion prevention
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo
Frame Denial of Service
Advisory ID: cisco-sa-20080618-ips
Revision 1.0
CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention
System
Issued: August 18, 2009
CA's technical support is alerting customers to a security risk with
CA Host-Based Intrusion Prevention System. A vulnerability exists
that can allow a remote attacker to cause a denial of service. CA
has issued a patch to address the vulnerability.
Title: CA Host-Based Intrusion Prevention System SDK kmxfw.sys
Multiple Vulnerabilities
CA Advisory Date: 2008-08-11
Reported By:
CVE-2008-2926 - Tobias Klein
Title: [CAID 35754]: CA Host-Based Intrusion Prevention System
(CA HIPS) Server Vulnerability
CA Vuln ID (CAID): 35754
CA Advisory Date: 2007-10-18
Reported By: David Maciejak
- ---------------------------------------------------------------------
Summary
=======
The Cisco IOS Intrusion Prevention System (IPS) feature contains a
vulnerability in the processing of certain IPS signatures that use
the SERVICE.DNS engine. This vulnerability may cause a router to
crash or hang, resulting in a denial of service condition.
Cisco has released free software updates that address this
Hi, everyone!
As so many highlights have been given on Intrusion Detection System and
Intrusion Prevention System evasions (?) last week, I decided to send this
message just to let you all know that I published a brand-new sample video,
demonstrating two Exploit Next GenerationR example modules, successfully
evading:
. SNORT 2.8.6 detection for MS02-056 vulnerability.
. SURICATA 0.9.0 detection for MS08-078 vulnerability.
CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention
System
Issued: February 23, 2011
Updated: February 24, 2011
CA Technologies support is alerting customers to a security risk
associated with CA Host-Based Intrusion Prevention System (HIPS). A
vulnerability exists that can allow a remote attacker to execute
software within IBM Security Network IPS GX products, IBM Security Server
Protection products, and IBM Security Multi-Function product lines during
2H of 2009.
Versions affected:
Tested against G400 IPS-G400-IB-1 (Intrusion Prevention
Update: 2011-03-11 00:34:23 - version: 31.030) and GX4004 IPS-GX4004-IB-2
(Intrusion Prevention Update: 2011-03-10 23:49:15 - version: 31.030).
Product description:
IBM Web Application Firewall capabilities inside IBM IPS products
Details
=======
Cisco Security Manager is an enterprise-class management application
that is designed to configure firewall, VPN, and intrusion prevention
security services on Cisco network and security devices. As part of
Cisco Security Manager installation, the Cisco IEV is installed by
default. The IEV is a Java-based application that allows users to
view and manage alerts for up to five sensors, including the ability
to report top alerts, attackers, and victims over a specified number
Users should use EMC's Powerlink solution to upgrade to the following EMC RepliStor products:
RepliStor 6.2 SP5: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R >RepliStor 6.2 SP5
RepliStor 6.3 SP2: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R >RepliStor 6.3 SP2
Fortinet customers who subscribe to Fortinet¡¯s intrusion prevention (IPS) service should be protected against this buffer overflow
vulnerability. Fortinet¡¯s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions
such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application
and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet
to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats.
These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure
* Users should apply the solution provided by Adobe(APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html ).
* FortiGuard Labs released a signature to protect against this vulnerability.
Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.
References:
Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-26.html
CVE ID: CVE-2010-3637 (FG-VD-10-020)
Cisco ASA 5500 Series Adaptive Security Appliances are affected by a
denial of service vulnerability that can be triggered by a malformed TCP
segment that transits the appliance. This vulnerability only affects
configurations that use the "nailed" option at the end of their static
statement. Additionally, traffic that matches "static" statement must
also be inspected by a Cisco AIP-SSM (an Intrusion Prevention System
(IPS) module) in inline mode. IPS inline operation mode is enabled by
using the "ips inline {fail-close | fail-open}" command in "class"
configuration mode. Cisco ASA 5500 Series Adaptive Security Appliances
that are running software versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x,
and 8.2.x are affected.
Network Mail Security System Virtual Appliance provide spam
control and preemptive protection for your messaging
infrastructure.
Proventia Network Mail is the only email security solution equipped
with the IBM Intrusion Prevention System (IPS) engine and a behavioral
genotype (SIC!) anti-virus technology, along with remote malware
detection and Sophos signature-based anti-virus.
II. Description
~~~~~~~~~~~~~~~
<++BOF>
-=[ Introduction
Many works have been done regarding evasion techniques against Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), but most of them are related to:
- Packet fragmentation [1]
- Stream segmentation [1]
- Byte and traffic insertion [1]
- Polymorphic shellcode [2]
- Denial-of-Service [1]
- URL obfuscation (+ SSL encryption) [3]
Summary
=======
Cisco IOS Software contains two vulnerabilities related to Cisco IOS
Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall
features. These vulnerabilities are:
* Memory leak in Cisco IOS Software
* Cisco IOS Software Denial of Service when processing specially
crafted HTTP packets
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
management. An administrator can restrict a user's ability to manage the
device, allowing the user to employ the camera for surveillance only.
The Cisco RVS4000 Gigabit Security Router delivers high-speed network
access and IPsec VPN capabilities for as many as five users. The
Cisco RVS4000 also provides firewall and intrusion prevention
capabilities. More information on the Cisco RVS4000 Gigabit Security
Router can be found at this link:
http://www.cisco.com/en/US/products/ps9928/index.html
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
Next Page>>
|
