intrusion prevention
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo
Frame Denial of Service
Advisory ID: cisco-sa-20080618-ips
Revision 1.0
CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention
System
Issued: August 18, 2009
CA's technical support is alerting customers to a security risk with
CA Host-Based Intrusion Prevention System. A vulnerability exists
that can allow a remote attacker to cause a denial of service. CA
has issued a patch to address the vulnerability.
Title: CA Host-Based Intrusion Prevention System SDK kmxfw.sys
Multiple Vulnerabilities
CA Advisory Date: 2008-08-11
Reported By:
CVE-2008-2926 - Tobias Klein
Title: [CAID 35754]: CA Host-Based Intrusion Prevention System
(CA HIPS) Server Vulnerability
CA Vuln ID (CAID): 35754
CA Advisory Date: 2007-10-18
Reported By: David Maciejak
---------------------------------------------------------------------
Summary
=======
The Cisco IOS Intrusion Prevention System (IPS) feature contains a
vulnerability in the processing of certain IPS signatures that use
the SERVICE.DNS engine. This vulnerability may cause a router to
crash or hang, resulting in a denial of service condition.
Cisco has released free software updates that address this
Hi, everyone!
As so many highlights have been given on Intrusion Detection System and
Intrusion Prevention System evasions (?) last week, I decided to send this
message just to let you all know that I published a brand-new sample video,
demonstrating two Exploit Next Generation® example modules, successfully
evading:
. SNORT 2.8.6 detection for MS02-056 vulnerability.
. SURICATA 0.9.0 detection for MS08-078 vulnerability.
CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention
System
Issued: February 23, 2011
Updated: February 24, 2011
CA Technologies support is alerting customers to a security risk
associated with CA Host-Based Intrusion Prevention System (HIPS). A
vulnerability exists that can allow a remote attacker to execute
software within IBM Security Network IPS GX products, IBM Security Server
Protection products, and IBM Security Multi-Function product lines during
2H of 2009.
Versions affected:
Tested against G400 IPS-G400-IB-1 (Intrusion Prevention
Update: 2011-03-11 00:34:23 - version: 31.030) and GX4004 IPS-GX4004-IB-2
(Intrusion Prevention Update: 2011-03-10 23:49:15 - version: 31.030).
Product description:
IBM Web Application Firewall capabilities inside IBM IPS products
Details
=======
Cisco Security Manager is an enterprise-class management application
that is designed to configure firewall, VPN, and intrusion prevention
security services on Cisco network and security devices. As part of
Cisco Security Manager installation, the Cisco IEV is installed by
default. The IEV is a Java-based application that allows users to
view and manage alerts for up to five sensors, including the ability
to report top alerts, attackers, and victims over a specified number
* Users should apply the solution provided by Adobe(APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html ).
* FortiGuard Labs released a signature to protect against this vulnerability.
Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.
References:
Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-26.html
CVE ID: CVE-2010-3637 (FG-VD-10-020)
Users should use EMC's Powerlink solution to upgrade to the following EMC RepliStor products:
RepliStor 6.2 SP5: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R >RepliStor 6.2 SP5
RepliStor 6.3 SP2: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R >RepliStor 6.3 SP2
Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this buffer overflow
vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions
such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application
and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet
to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats.
These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure
Vulnerable: Input Validation Vulnerabilities (Server-Side|Persistent)
Vulnerable Module(s):
[+] Proxy - HTTP Configuration Masks
[+] Service - Intrusion Prevention
[+] Network - Host Configuration
[+] DHCP
Cisco ASA 5500 Series Adaptive Security Appliances are affected by a
denial of service vulnerability that can be triggered by a malformed TCP
segment that transits the appliance. This vulnerability only affects
configurations that use the "nailed" option at the end of their static
statement. Additionally, traffic that matches "static" statement must
also be inspected by a Cisco AIP-SSM (an Intrusion Prevention System
(IPS) module) in inline mode. IPS inline operation mode is enabled by
using the "ips inline {fail-close | fail-open}" command in "class"
configuration mode. Cisco ASA 5500 Series Adaptive Security Appliances
that are running software versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x,
and 8.2.x are affected.
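The advisory excerpt above ties exposure to two configuration facts: a "static" statement that ends in the "nailed" option, and that traffic also being sent to the AIP-SSM by an "ips inline" command inside a policy-map class. The following is an added example, not part of the Cisco advisory, that reads a running-config and reports whether both pre-conditions are present. The configuration text is constructed for the example; the "nailed" placement and the "ips inline {fail-close | fail-open}" syntax are taken from the advisory. The check is textual only: it does not prove that the nailed translation's traffic actually matches the IPS class (a "match any" class does; a narrower access-list would need further analysis), and the fix is the vendor software update, not a configuration change.

```python
"""Flag a Cisco ASA running-config that meets both pre-conditions named in
the advisory: a 'static' translation ending in 'nailed' and an 'ips inline'
command under a policy-map class.  Added example; the config is constructed."""
import re

# Constructed sample running-config (not from the advisory).  It contains one
# nailed static, one ordinary static, and a catch-all class sent to the AIP-SSM.
SAMPLE_CONFIG = """\
hostname asa-edge
static (inside,outside) 203.0.113.10 10.0.0.10 netmask 255.255.255.255 nailed
static (inside,outside) 203.0.113.11 10.0.0.11 netmask 255.255.255.255
class-map ips_class
 match any
policy-map global_policy
 class inspection_default
  inspect dns
 class ips_class
  ips inline fail-open
service-policy global_policy global
"""

# A static is only of interest when 'nailed' is the last keyword on the line.
STATIC_NAILED_RE = re.compile(r"^static\s*\(.*\)\s.*\bnailed\s*$")
# 'ips inline' takes exactly one of the two failure modes named in the advisory.
IPS_INLINE_RE = re.compile(r"^\s+ips\s+inline\s+(fail-close|fail-open)\b")


def find_nailed_statics(config):
    """Return the static statements that end in 'nailed'."""
    return [ln.strip() for ln in config.splitlines()
            if STATIC_NAILED_RE.match(ln.strip())]


def find_inline_ips_classes(config):
    """Return (policy_map, class_name, mode) for every 'ips inline' command.

    ASA indents policy-map children by one space and class children by two,
    so a non-indented line ends the current policy-map block.
    """
    hits = []
    policy = cls = None
    for ln in config.splitlines():
        if not ln.startswith(" "):
            policy = ln.split()[1] if ln.startswith("policy-map ") else None
            cls = None
            continue
        stripped = ln.strip()
        if policy and stripped.startswith("class "):
            cls = stripped.split()[1]
        elif policy and cls:
            m = IPS_INLINE_RE.match(ln)
            if m:
                hits.append((policy, cls, m.group(1)))
    return hits


def is_exposed(config):
    """True when both advisory pre-conditions appear in the config text.

    This does not check that the nailed static's traffic is actually matched
    by the IPS class; treat a True result as 'review this box', and remember
    the remediation is the Cisco software update, not removing 'nailed'.
    """
    return bool(find_nailed_statics(config)) and bool(find_inline_ips_classes(config))


if __name__ == "__main__":
    for s in find_nailed_statics(SAMPLE_CONFIG):
        print("nailed static :", s)
    for pm, c, mode in find_inline_ips_classes(SAMPLE_CONFIG):
        print("ips inline    : policy-map %s / class %s (%s)" % (pm, c, mode))
    print("exposed       :", is_exposed(SAMPLE_CONFIG))
```

To use it on a real device, feed the output of "show running-config" to the functions in place of SAMPLE_CONFIG; the parser relies only on ASA's standard one-space/two-space indentation of policy-map and class children.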
Network Mail Security System Virtual Appliance provide spam
control and preemptive protection for your messaging
infrastructure.
Proventia Network Mail is the only email security solution equipped
with the IBM Intrusion Prevention System (IPS) engine and a behavioral
genotype (SIC!) anti-virus technology, along with remote malware
detection and Sophos signature-based anti-virus.
II. Description
~~~~~~~~~~~~~~~
-=[ Introduction
Many works have been done regarding evasion techniques against Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), but most of them are related to:
- Packet fragmentation [1]
- Stream segmentation [1]
- Byte and traffic insertion [1]
- Polymorphic shellcode [2]
- Denial-of-Service [1]
- URL obfuscation (+ SSL encryption) [3]
Summary
=======
Cisco IOS Software contains two vulnerabilities related to Cisco IOS
Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall
features. These vulnerabilities are:
* Memory leak in Cisco IOS Software
* Cisco IOS Software Denial of Service when processing specially
crafted HTTP packets
Overview:
Stateful Inspection Firewall
VPN (SSL VPN & IPSec)
Intrusion Prevention System
Anti-Virus & Anti-Spyware
Anti-Spam
Web Filtering
Bandwidth Management
Ranging from the FortiGate-30 series for small offices to the FortiGate-5000 series for large enterprises, service providers and
carriers, the FortiGate line combines the FortiOS™ security operating system with FortiASIC processors and other hardware to provide
a comprehensive and high-performance array of security and networking functions including:
* Firewall, VPN, and Traffic Shaping
* Intrusion Prevention System (IPS)
* Antivirus/Antispyware/Antimalware
* Web Filtering
* Antispam
* Application Control (e.g., IM and P2P)
* VoIP Support (H.323 and SCCP)
but in a space-saving desktop unit. Built-in VPN acceleration provides the GB-820 with increased throughput, allowing
organizations to easily handle periods of increased VPN activity.
All GTA Firewall UTM Appliances include our advanced firewall features - policy based NAT, virtual hosting via IP
Aliasing, advanced routing such as BGP and Single-Sign on authentication - at no extra charge. Threat management
features include DoS and an Intrusion Prevention System (IPS), basic content filtering and advanced email gateway features.
(Copy of the Vendor Homepage: http://www.gta.com )
Abstract:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
Advisory ID: cisco-sa-20120926-ios-ips
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
http://www.zerodayinitiative.com