Ixia ATI Update 2017-05 (300649)

Defects Resolved

Ticket Info
DE7262 (1430345) Strike based fuzzers now correctly indicate if they are blocked or allowed through a device.
DE7285 Corrected metadata for the following strikes: G10-37801, G06-7cy0, G07-5a301, G09-36m01, G09-34t01, G08-4ly01.
DE7292 Removed duplicate references for the following strikes: E05-22n03,  E05-22n01, E05-22n02, E15-atg01, E05-0bm01, E05-0bm02.
DE7405 Removed "Emulate" term from "Emulate Speedtest.net" super flow name.
DE7429 In this release the duplicated "Content Length" and "Content-Range" attributes in HTTP 206 Partial Content were removed.

Enhancements

Ticket Info
US60078 Removed deprecation from strike D16-43501 due to Network Processor enhancements.
US62935 This enhancement adds 2 new attributes Proxy-State and Framed-IPv6-Preifx to the Radius Accounting Request , Radius Accounting Response , Radius Access Request and Radius Access Accept actions. 

New Protocols & Applications (3)

Name Category Info
HL7 Enterprise Applications Health Level Seven (HL7) is a set of standards for transfer clinical and administrative data between software applications used by health care providers. This application simulates the lower layer protocol (LLP, sometimes referred to a MLLP for Minimum LLP) used when transferring the data in the non-XML pipe and hat form.
Appointy Mar17 Enterprise Applications Appointy is an all-in-one online scheduling software for restaurants. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Restaurant 7Shifts Mar17 Enterprise Applications 7shifts is an employee scheduling application designed for restaurants. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (5)

Name Category Info
Health Level Seven - HL7 Enterprise Applications Health Level Seven (HL7) is a set of standards for transfer clinical and administrative data between software applications used by health care providers. In this simulation, HL7's Minimum Lower Layer protocol (MLLP) is used to show an endpoint transferring its data to another endpoint.
Appointy Manager Access Enterprise Applications Appointy Scheduling Software for Restaurants. This emulation highlights a restaurant manager's typical use of the application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Appointy Quick Schedule Review Enterprise Applications Appointy Scheduling Software for Restaurants. This emulation shows the restaurant manager logging in to quickly check who is scheduled to work over the next three days. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
7SHIFTS Manager Access Enterprise Applications 7SHIFTS Scheduling Software for Restaurants. This emulation highlights a restaurant manager's typical use of the application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
7SHIFTS Quick Schedule Review Enterprise Applications 7SHIFTS Scheduling Software for Restaurants. This emulation shows the restaurant manager logging in to quickly check who is scheduled to work over the next three days. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Test (1)

Name Info
Mirai Botnet This test simulates Command and Control communications for the Mirai Botnet.

New Strikes (8)

CVSS ID References Category Info
10.0 E17-5b401 APSB-17-04
CVE-2017-2992
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
GOOGLE-1018
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to an heap overflow when parsing an MP4 header. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in abnormal termination of the flash process.
10.0 E17-5ay01 APSB-17-04
BID-96193
CVE-2017-2986
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
GOOGLE-1008
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to an heap overflow in YUVPlane decoding. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in abnormal termination of the flash process.
9.3 E17-7cm01 CVE-2017-5638
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote command execution vulnerability in Apache Struts. An HTTP request with a specially crafted content-type can be used to execute arbitrary commands. Successful exploitation may result in command execution.
8.5 E17-0f801 CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C)
ZDI-17-122
ZDI-17-123
ZDI-17-124
Exploits This strike exploits a command execution vulnerability in Trend Micro Safe Sync. Several query string parameters accepted by the reconnect command are vulnerable to command injection. An authenticated attacker can connect, disconnect, and then send a specially crafted HTTP command to reconnect in order to achieve arbitrary code execution with root privileges.
7.6 E17-31101 BID-96088
CVE-2017-0037
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
GOOGLE-1011
Exploits This strike exploits a vulnerability in the Microsoft Internet Explorer and Edge Browsers. It is possible for an attacker to craft HTML and CSS in such a way that allows for the styleSheet of an object containing the columnspan property to be modified causing a type confusion to occur.
7.6 E16-8mg01 BID-94749
CVE-2016-7288
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
GOOGLE-983
MS16-145
Exploits This strike exploits a use-after-free vulnerability in the Microsoft Edge Browser. It is possible when an ArrayBuffer is allocated and attached to a TypedArray object, to create a use-after-free-condition. If the toString or valueOf methods are overridden in a function comparison of the sort method by invoking a specific message, the ArrayBuffer is freed and detached from the TypedArray object. However, when the sort method is called, the freed buffer is referenced again triggering the use-after-free condition.
6.8 E17-0d5w1 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
ZDI-17-060
Exploits This strike exploits a directory traversal vulnerability in Trend Micro Control Manager. The vulnerability is due to improper input validation of HTTP parameters passed to importfile.php. An attacker could exploit this vulnerability to upload a file and execute it on the target system.
5.0 E16-a4s01 BID-96143
CVE-2016-9244
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-41298
SECURITYTRACKER-1037800
URL
Exploits This strike exploits memory disclosure vulnerability in F5 Big-IP appliances. When performing SSL renegotiation with session tickets, the client provides a session ID, which may be between 1 and 32 bytes. The server then echoes this sessionID. F5 Big-IP appliances will echo 32 bytes regardless of the size of the received session ID. An attacker can perform an SSL renegotiation and send a session ID of less than 32 bytes, causing the server to echo back the provided session ID plus up to 31 bytes of uninitialized memory.

Modified Strikes (13)

CVSS ID References Category Info
10.0 E05-0bm02 BID-12847
CVE-2005-0418
CVE-2005-0836
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits Removed duplicate references from this strike.
10.0 E05-0bm01 BID-12847
CVE-2005-0418
CVE-2005-0836
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits Removed duplicate references from this strike.
9.3 G08-4ly01 BID-32620
CVE-2008-2086
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
URL
Generic Corrected metadata for this strike.
9.3 G10-37801 BID-38551
CVE-2010-0260
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
MS10-017
URL
Generic Corrected metadata for this strike.
9.3 G09-36m01 BID-33870
CVE-2009-0238
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
MS09-009
URL
Generic Corrected metadata for this strike.
7.5 G06-7cy01 BID-20930
CVE-2006-5650
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Generic Corrected metadata for this strike.
6.8 G07-5a301 BID-24983
CVE-2007-2955
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Generic Corrected metadata for this strike.
5.7 E15-atg01 BID-74743
CVSS-5.7 (AV:N/AC:M/AU:N/C:P/I:P/A:N)
Exploits Removed duplicate references from this strike.
5.1 E05-22n03 BID-19306
CVE-2005-2687
CVE-2006-4012
CVSS-5.1 (AV:N/AC:H/AU:N/C:P/I:P/A:P)
Exploits Removed duplicate references from this strike.
5.1 E05-22n01 BID-19306
CVE-2005-2687
CVE-2006-4012
CVSS-5.1 (AV:N/AC:H/AU:N/C:P/I:P/A:P)
Exploits Removed duplicate references from this strike.
5.1 E05-22n02 BID-19306
CVE-2005-2687
CVE-2006-4012
CVSS-5.1 (AV:N/AC:H/AU:N/C:P/I:P/A:P)
Exploits Removed duplicate references from this strike.
5.0 G09-34t01 BID-33258
CVE-2009-0173
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Generic Corrected metadata for this strike.
5.0 D16-43501 BID-90872
CVE-2016-1409
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Denial This strike is no longer deprecated due to Network Processor enhancements.