Ixia ATI Update 2017-18 (315593)

Defects Resolved

Ticket Info
DE8260 (1451283) FileTransfer strikes have been altered to include a carriage return along with the line feed when sending base64-encoded email attachments. This affects protocols related to email, including SMTP, POP3, and IMAP.
DE8439 Fixed a bug that caused BreakingPoint HTTP Request to be displayed as the only option for AppSimSmartFlow.
DE8484 Multiple strikes were modified to use properly MIME-formatted base64 encoding. This adds a Carriage Return/Line Feed (CRLF) sequence to the end of each line instead of just a Line Feed (LF).

Enhancements

Ticket Info
US74423 Deprecated application protocol "Dailymotion Mar15". Deprecated super flows: "Dailymotion Bandwidth", "DailyMotion Mar 15", "DailyMotion Mar 15 Search a DailyMotion video on Google", "DailyMotion Mar 15 Search and view a video on DailyMotion" and "DailyMotion Mar 15 Upload a video to DailyMotion".
US74548 Deprecated application "Office365 OneNote Online Jul15". Deprecated super flow "BreakingPoint Evergreen Office365OneNote Jul 15".

New Protocols & Applications (4)

Name Category Info
Office 365 OneNote Sep17 Distributed Computing The use of the Office 365 OneNote website as of September 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
SNMPv3 Testing and Measurement Simple Network Management Protocol Version 3 (SNMPv3) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Version 3 adds cryptographic security. This protocol simulation uses the User-based Security Model (USM). Note that one can set the engine name, user name and authentication parameters in Wireshark under the Protocol Preferences for SNMP. This allows Wireshark to decode the encrypted PDU.
Dailymotion Aug17 Voice/Video/Media The use of the Dailymotion website as of August 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Evernote Desktop Aug17 Storage Emulates the use of the Evernote Desktop website as of August 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (8)

Name Category Info
Office 365 OneNote Sep 17 Distributed Computing The use of the Office 365 OneNote website as of September 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Office 365 OneNote Sep 17 Create and Edit A New NoteBook Distributed Computing The use of the Office 365 OneNote website as of September 2017. Create and edit a new notebook in Office365. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
SNMPv3 Testing and Measurement Simple Network Management Protocol Version 3 (SNMPv3) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Version 3 adds cryptographic security. Here we show Get, Getnext and Set requests being issued from an SNMP manager to an SNMP agent. This is done using the User-based Security Model (USM).
Dailymotion Aug 17 Voice/Video/Media The use of the Dailymotion website as of August 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Dailymotion Aug 17 Play A Video Voice/Video/Media The use of the Dailymotion website as of August 2017. It plays a video on Dailymotion. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Evernote Desktop Aug 17 Storage Emulates the use of the Evernote Desktop website as of August 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The 'Max. Request/Response Pairs per Action' and 'Max. Generated File Size' flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Evernote Desktop Aug 17 Add Note Storage The user accesses the sign in page, signs in, creates a notebook, adds a simple note and lastly signs out of the app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The 'Max. Request/Response Pairs per Action' and 'Max. Generated File Size' flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Evernote Desktop Aug 17 Add Note with Attachement Storage The user accesses the sign in page, signs in, creates a notebook, adds a note with an attachment and lastly signs out of the app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The 'Max. Request/Response Pairs per Action' and 'Max. Generated File Size' flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Strikes (9)

CVSS ID References Category Info
9.3 E17-0ipi2 BID-100097, CVE-2017-9638, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), URL, ZDI-17-509 Exploits This strike exploits a stack buffer overflow vulnerability in Mitsubishi Electric E-Designer. The vulnerability is due to improper parsing of the parameters in a configuration file. An attacker can entice a target to open a specially crafted E-Designer Project File to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the application.
9.0 E17-3doa1 BID-100282, CVE-2017-11610, CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C), URL Exploits This strike exploits a remote command injection vulnerability in the XML-RPC server in Supervisor. The vulnerability exists because the execve method of the object self.rpcinterface.supervisor.supervisord.options can execute any command. This vulnerability could allow an unauthorized user to execute arbitrary code on the server.
8.5 E17-3ed01 BID-100367, CVE-2017-12500, CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C), URL, ZDI-17-663 Exploits This strike exploits an Expression Language injection vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. The vulnerability is due to improper input validation of HTTP request parameters. A remote, authenticated attacker can execute arbitrary code on the targeted system by sending a crafted HTTP request to the target server.
7.6 E17-0hxt1 BID-100057, CVE-2017-8641, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-42465 Exploits This strike exploits an integer overflow vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists when the eval method is called with an overly large string value as the argument. An attacker could craft code that causes a denial of service condition in the browser or potentially allows remote code execution.
7.6 E17-0hv82 BID-99420, CVE-2017-8601, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-42479, GOOGLE-1316 Exploits This strike exploits a vulnerability in Microsoft Edge. Specifically, the Chakra JavaScript engine assumes that the specified array will be a float array. However, it is possible to modify this type with the valueOf handler, which results in type confusion. This can cause a denial of service in the browser or potentially allow remote code execution.
7.5 E17-m9t21 BID-100278, CVE-2017-7546, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), SECURITYTRACKER-1039142, URL Exploits This strike exploits an authentication bypass vulnerability in PostgreSQL. Under normal circumstances, PostgreSQL does not permit sending or using empty passwords. However, if the password is stored as a hash, empty passwords can be used. Additionally, clients using libpq perform a client-side test for blank passwords. Because this test is client-side, it can be avoided by not using libpq. Successful exploitation may result in successful authentication using an empty password.
7.5 E17-3dmf1 BID-99939, CVE-2017-11543, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), SCIP-104408, URL Exploits This strike exploits a buffer overflow vulnerability in tcpdump. The vulnerability is due to failure to validate the direction when parsing a Serial-Line IP (SLIP) header. This vulnerability can lead to arbitrary code execution in the context of the tcpdump application.
6.8 E17-0iu51 BID-100609, CVE-2017-9805, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), SCIP-106167, URL Exploits This strike exploits a remote command execution vulnerability in Apache Struts. The vulnerability is due to insecure deserialization of data by XStreamHandler in Apache Struts REST Plugin. Successful exploitation may result in executing arbitrary code on the target system.
6.0 E17-3dia1 BID-100130, CVE-2017-11394, CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P), URL, ZDI-17-521 Exploits This strike exploits a command injection vulnerability in the Trend Micro OfficeScan web console due to improper validation of parameters sent in web requests. The vulnerability can be exploited by a remote, authenticated attacker with a specially crafted web request. An attacker could exploit this vulnerability and execute system commands under the security context of the target application.