Cisco IPS Active Update Bulletin – May 15, 2009
| PLATFORM | SIGID | SIGNAME | ENGINE | SEVERITY | ENABLED |
| --- | --- | --- | --- | --- | --- |
| 5.x,6.x | 17257.0 | HPISDataManager.dll GetFileTime Overflow | string-tcp | high | false |
| 5.x,6.x | 5933.0 | Oracle Database DBMS_Scheduler Privilege Escalation | string-tcp | medium | false |
| 5.x,6.x | 5943.0 | Oracle Database Server SQL Query Directory Traversal | string-tcp | medium | false |
| 5.x,6.x | 5945.0 | MS IE Cross Frame Scripting Restriction Bypass | string-tcp | low | false |
| 5.x,6.x | 5949.0 | Multiple HP Web Jetadmin Vulnerabilities | service-http | medium | false |
| 5.x,6.x | 5949.1 | Multiple HP Web Jetadmin Vulnerabilities | service-http | high | false |
| 5.x,6.x | 5956.0 | Multiple Vendor SOAP DoS | string-tcp | medium | false |
| 5.x,6.x | 5961.0 | Oracle Database Server MD2 package SDO_CODE_SIZE procedure Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 6134.0 | Microsoft ASP.NET Canonicalization | service-http | low | false |
| 5.x,6.x | 6137.0 | Wordpad Default Font Overflow | string-tcp | high | false |
| 5.x,6.x | 15010.0 | MIT Kerberos KAdminD klog_vsyslog Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 6284.0 | Openwsman HTTP Basic Authentication Buffer Overflow | service-http | high | true |
| 5.x,6.x | 16759.0 | Firefox UI Dispatcher DoS | string-tcp | high | false |
| 5.x,6.x | 16760.0 | VLC TTA Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17137.0 | Realplayer URL Parsing Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17138.0 | Internet Explorer Malformed BMP Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17142.0 | ACDSee Plugins ID_X.APL and IDE_ACDSTD.APL Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17145.0 | FFmpeg libavformat psxstr.c STR Data Heap Based Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17148.0 | Appian Enterprise Business Process Management Suite 5.6 Denial of Service | string-tcp | high | false |
| 5.x,6.x | 17197.0 | MicroWorld Technologies MailScan Multiple Remote Vulnerabilities | service-http | low | false |
| 5.x,6.x | 17197.1 | MicroWorld Technologies MailScan Multiple Remote Vulnerabilities | service-http | low | false |
| 5.x,6.x | 17197.2 | MicroWorld Technologies MailScan Multiple Remote Vulnerabilities | service-http | high | false |
| 5.x,6.x | 17200.0 | C6 Messenger Installation Url DownloaderActiveX Control | string-tcp | high | false |
| 5.x,6.x | 17201.0 | HPISDataManagerLib.Datamgr ActiveX Control Vulnerability | string-tcp | high | false |
| 5.x,6.x | 17202.0 | Apple Quicktime Image File IDSC Atom Memory Corruption | string-tcp | high | false |
| 5.x,6.x | 17237.0 | CA BrightStor ARCserve Backup Media Server Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17238.0 | CA BrightStor ARCserve Backup Media Server Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17239.0 | Samba LSA RPC Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17240.0 | Samba RPC Routine Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17241.0 | TrendMicro serverProtect Crafted RPC Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17243.0 | OpenBSD Tcp Timestamp Handling DoS | string-tcp | medium | false |
| 5.x,6.x | 17246.0 | Sun Java Web Start ActiveX Control Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17247.0 | IBiz E-Banking Integrator ActiveX Vulnerability | string-tcp | high | false |
| 5.x,6.x | 17250.0 | Firefox Memory Corruption | string-tcp | medium | false |
| 5.x,6.x | 17252.0 | Crystal Reports XI ActiveX Buffer Overflow | string-tcp | high | false |
| 5.x,6.x | 17255.0 | Check Point VPN-1 UTM Edge Login Page Cross-Site Scripting | string-tcp | high | false |
| 5.x,6.x | 17256.0 | HPISDataManager.dll Arbitrary File Download | string-tcp | high | true |
| 5.x,6.x | 17262.0 | Savant Web Server Remote Buffer Overflow Vulnerability | string-tcp | high | false |
The S402 signature update contains the following modified signatures:
There are no tuned signatures for this release.
Modified signature details:
3531-0: This signature was retired.
IMPORTANT NOTES:
All signature updates are cumulative. The S402 signature update contains all previously released signature updates.
You must have a valid Cisco Services for IPS contract per sensor to receive and use software upgrades including
signature updates from Cisco.com.
A Cisco Services for IPS Services License is required for the installation of all signature updates. The Cisco Services
for IPS Services License can be requested from http://www.cisco.com/go/license for all sensors covered by a
maintenance contract.
To manage your maintenance contracts use the Service Contract Center:
http://www.cisco.com/cgi-bin/front.x/scccibdispatch?AppName=ContractAgent
SUPPORTED PLATFORMS:
The S402 signature update can ONLY be applied to E3 sensors.
IPS S402 Software Update Files:
Please note that the signature update download location has changed.
Sensor appliances, IDSM2, NM-CIDS, ASA-SSM-AIP modules: click here
IOS IPS in 12.4(11)T or later T-Train Releases:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ios-v5sigup
Note: Posting of signature release files for IOS IPS may take a few additional days.
CISCO SECURITY MANAGER (CSM) NOTICE:
Note 1:
You can only apply the IPS-CS-MGR-sig-S402-req-E3.zip signature update file to CSM 3.0 or later and IPS MC version 2.2 or
later. The E3 Engine Update packages for sensors are deployed automatically the first time a signature set that requires
E3 is deployed by CSM. E3 updates are not listed or available for selection in the Apply Update Wizard and cannot be
applied independently by CSM. To ensure that the E3 update is applied to your sensors, push the S366 package
to your sensors.
2. Cisco IDS 4235 and IDS 4250 sensors approaching end of signature support
Last day of signature support for IDS 4250 SX and IDS 4250 XL sensors is May 24, 2009. Last day of signature support for IDS 4235 and IDS 4250 TX sensors is May 31, 2009. If you are still using IDS 4235 and IDS 4250 sensors, please contact your Cisco sales representative regarding migration plans to newer Cisco IPS sensors. More information including recommended migration options is available at this web page: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_eol_notices_list.html
3. Cisco IPS Signature correlation available in the Cisco Security IntelliShield Alert Manager Service Search Access Feature
The Cisco IPS Team is pleased to announce the correlation of Cisco IPS Signature information within the IntelliShield Alert Manager Search Access Feature. Cisco Services for IPS clients that subscribe to the service now have access to perform targeted searches to display Cisco IPS Signatures associated with different alerts to ensure they have the most up-to-date intelligence. Subscribers can view a new IPS Signature list page that is searchable and will display Cisco IPS Signatures associated with IntelliShield Alerts. IntelliShield Alerts also contain the associated Cisco IPS Signature information within each alert.
The IntelliShield Alert Manager Search Access Feature provides clients with access to one of the most extensive collections of vendor-neutral security intelligence alerts in the industry. Clients can access a fully indexed and searchable database that extends back over six years and contains more than 1700 vendors, 5500 products, and 20,000 distinct versions of applications.
To obtain access to the IntelliShield Alert Manager Search Access Feature, each user is required to provide either a valid IPS License File or a valid IPS Serial Number to authorize the creation of this user account. Only one user account is permitted for each IPS License File or IPS Serial Number. Please proceed to the registration page at the following link to obtain your access:
https://intellishield.cisco.com/security/alertmanager/intelliShieldSearch
Email support is available for users of the Cisco Security IntelliShield Alert Manager Service Search Access Feature at intellishieldsearch-support@cisco.com. Support is provided by Cisco during the hours of 7:00 a.m. and 7:00 p.m. Eastern Time.
4. Subscribe to the Product Alert Tool for IPS Related Field Issues
Interested in knowing the latest on field notices, product alerts, and end-of-sale information relating to your IDS and IPS hardware? We have recently updated the Cisco Product Alert Tool to include IDS and IPS appliances. Simply visit: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do and follow these steps:
- Select Create a new Alert Profile.
- Name your profile anything you would like.
- Under Select Your Product, select: Intrusion Prevention System
- Click Add so that “Intrusion Prevention System” is added to the “Products in your profile” list
- Select the message types you wish to receive
- Confirm your email address
- Click Submit.
You will be kept up to date with the latest news on your IPS hardware appliances.
5. Subscription Information
If you wish to receive this bulletin, you can subscribe now.
