Ixia ATI Update 2019-03 (352882)

Enhancements

Ticket | Info
US90310 | This feature adds the RFC3128 evasion functionality as requested. The steps to turn on the function are as follows:
1. Log in to the UI.
2. Under security components -> parameter -> "Evasion Profile", choose Create New/Edit Current Evasion Profile.
3. Under the IP field there are two options, "RFC3128" and "RFC3128FakePort"; click "Allow Overwrite" on both options.
4. Enable the RFC3128 option, and in the RFC3128FakePort option enter the port number you want the evasion traffic sent to.
5. Save the profile and run the test.
In the pcap, a fragmented packet should be found in the TCP three-way handshake's first SYN packet, carrying the port number just entered in the evasion profile, followed by two fragmented packets going to the original port.
US94846 | This test demonstrates the evasion technique described in RFC3128 using CVE-2018-1303. It sends a TCP SYN packet fragmented in three pieces, overlapping the destination port. The intent of this evasion is to bypass port filtering mechanisms present on firewalls and similar devices.
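As an added example (not Ixia code and not part of these release notes), the Python filter below shows the defensive side of the enhancement above: the RFC 1858 rules a firewall or IDS can apply to TCP fragments, plus a reassembly check that flags a later fragment rewriting TCP header bytes an earlier fragment already supplied, which is what the RFC3128 variant relies on. The packet bytes, the 10.0.0.x addresses and the TMIN threshold of 16 are constructed or assumed here.

```python
import struct

IPPROTO_TCP = 6
TMIN = 16  # bytes of TCP header a first fragment must carry (ports and flags); assumed per RFC 1858
def parse_ipv4(pkt: bytes) -> dict:
    """Pull out the IPv4 fields a fragment filter needs."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, frag_field = struct.unpack("!HHH", pkt[2:8])
    return {"proto": pkt[9], "id": ident, "mf": bool(frag_field & 0x2000),
            "offset": (frag_field & 0x1FFF) * 8,  # fragment offset in bytes
            "payload": pkt[ihl:total_len]}

class FragmentFilter:
    """RFC 1858 rules plus a check for fragments that rewrite bytes already seen."""
    def __init__(self):
        self.seen = {}  # (src, dst, ip id, proto) -> {byte position: value}

    def check(self, pkt: bytes) -> str:
        h = parse_ipv4(pkt)
        if h["proto"] == IPPROTO_TCP and (h["mf"] or h["offset"] > 0):
            if h["offset"] == 0 and len(h["payload"]) < TMIN:
                return "DROP: tiny first fragment"
            if h["offset"] == 8:  # FO=1 can only serve to overwrite the TCP header
                return "DROP: FO=1 TCP fragment"
        known = self.seen.setdefault((pkt[12:16], pkt[16:20], h["id"], h["proto"]), {})
        for i, b in enumerate(h["payload"]):
            pos = h["offset"] + i
            if known.get(pos, b) != b:  # a later fragment disagrees with an earlier one
                return "DROP: overlapping fragment rewrites data at offset %d" % pos
            known[pos] = b
        return "PASS"

def build_frag(ident: int, offset: int, mf: bool, payload: bytes) -> bytes:
    """Build a minimal IPv4 TCP fragment (constructed test input, checksum left zero)."""
    frag_field = (0x2000 if mf else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag_field,
                      64, IPPROTO_TCP, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

def demo() -> list:
    """Verdicts for constructed fragments of one SYN (IP id 0x1234) and a tiny one (0x5678)."""
    tcp = struct.pack("!HHIIBBHHH", 12345, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0) + b"\0" * 4
    f = FragmentFilter()
    return [
        f.check(build_frag(0x1234, 0, True, tcp)),                # complete first fragment
        f.check(build_frag(0x1234, 8, True, tcp[8:16])),          # FO=1 fragment
        f.check(build_frag(0x1234, 24, False, b"\0" * 8)),        # trailing, non-overlapping
        f.check(build_frag(0x1234, 0, True, tcp[:2] + struct.pack("!H", 23) + tcp[4:])),  # head re-sent with another port
        f.check(build_frag(0x5678, 0, True, tcp[:8])),            # first fragment carrying only the ports
    ]
```

Run `demo()` to see the five verdicts; a production filter would also expire the `seen` state once a datagram is reassembled or times out.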

New Protocols & Applications (2)

Name | Category | Info
OUCH 4.2 | Financial | OUCH 4.2 (over TCP). This is a protocol used by the NASDAQ stock exchange.
FacebookLive Dec18 | Social Networking/Search | Simulates Facebook Live Streaming as of December 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (2)

Name | Category | Info
OUCH42 | Financial | Simulates an OUCH 4.2 transaction.
Facebooklive Dec18 | Social Networking/Search | Simulates the sequence of events where the user logs in, starts live streaming and logs out. Note that this does not include the traffic between the streaming software and the Facebook server. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Strikes (11)

CVSS | ID | References | Category | Info
10.0 | E19-max02 | BID-103538, CVE-2018-0171, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), SECURITYTRACKER-1040580, URL | Exploits | A remote code execution vulnerability exists in Cisco IOS Software and Cisco IOS XE Software. The vulnerability is due to improper validation of packet data in the Smart Install feature. A remote, unauthenticated attacker can exploit this vulnerability by sending a malformed packet to the target service. Successful exploitation could lead to arbitrary code execution or a denial of service (DoS) condition on the vulnerable device.
9.3 | E19-yfsn1 | BID-29519, CVE-2008-2551, CVSS-9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C), SCIP-42664 | Exploits | This strike exploits a vulnerability in Icona SpA C6 Messenger. When the DownloaderActiveX control's propPostDownloadAction parameter is set to run, a remote attacker can download and execute a file via a URL in the propDownloadUrl parameter. This strike sends the initial HTML containing these parameters, before the client makes an outbound request to retrieve a malicious file via the propDownloadUrl parameter.
9.0 | E19-0viy1 | CVE-2019-6250, CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C), URL | Exploits | An integer overflow vulnerability has been discovered in the ZeroMQ libzmq library. The vulnerability is due to improper sanitization of user-supplied data passed to the zmq::v2_decoder_t::size_ready function when handling ZMTP messages. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in the execution of arbitrary code in the security context of the service using the vulnerable library.
8.0 | E19-3unu1 | CVSS-8.0 (AV:N/AC:L/AU:S/C:C/I:P/A:P), URL | Exploits | An OS command injection vulnerability exists in LibreOffice via path traversal in the event listener functionality. The vulnerability is due to missing string sanitization when parsing event listener script sources. By enticing a user to open a crafted "fodt" document, an attacker may achieve remote code execution on the target system.
7.6 | E19-0zny1 | CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-46222 | Exploits | This strike exploits a vulnerability in Microsoft Windows Contact files. Specifically, a remote attacker can execute arbitrary code on Microsoft Windows by injecting code into the email field of a Windows Contact file.
7.6 | E19-0r4b1 | BID-106401, CVE-2019-0539, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-46203, GOOGLE-1703 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, a type confusion vulnerability exists in the Chakra JavaScript engine's InitClass. An attacker can craft JavaScript code such that the type confusion causes a memory access violation. This may lead to remote code execution or a denial of service condition in the browser.
7.5 | E19-0zfu1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-45930 | Exploits | This strike exploits a SQL injection vulnerability in the JE Photo Gallery component 1.1 for Joomla!. The vulnerability is due to improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specially crafted packets, potentially resulting in the execution of SQL commands, which may lead to information disclosure.
7.5 | E19-0zh61 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-45978, URL | Exploits | This strike exploits a remote code execution vulnerability in the ThinkPHP framework. The flaw is rooted in the 'invokefunction' method as a consequence of missing parameter validation. A remote, unauthenticated attacker may thus be able to execute code on the vulnerable machine with the permissions of the user running the web server.
7.5 | E19-0r4j1 | BID-106394, CVE-2019-0547, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL | Exploits | A heap overflow vulnerability exists in the 'dhcpcore.dll' component of the Windows DHCP Client. The vulnerability is triggered by two consecutive null bytes in a Domain Search DHCP option within a DHCP Offer packet, followed by an arbitrary number of bytes, causing a zero-length buffer to be written and thus overwriting invalid memory. By exploiting the vulnerability, an attacker may be able to execute arbitrary code with SYSTEM privileges.
6.1 | E19-7uqi1 | BID-106323, CVE-2018-20346, CVSS-6.1 (AV:L/AC:L/AU:N/C:P/I:P/A:C), URL | Exploits | This strike exploits an integer overflow vulnerability found in SQLite with the FTS3 extension enabled. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting special FTS3 shadow tables. A successful exploit could allow the attacker to execute arbitrary SQL statements.
4.0 | D19-0h6a1 | BID-98741, CVE-2017-7650, CVSS-4.0 (AV:N/AC:L/AU:S/C:P/I:N/A:N), SCIP-106414, URL | Exploits | This strike exploits an ACL bypass vulnerability in Mosquitto. If the username or client ID field is set to "#" or "+", ACLs are completely bypassed. An attacker can send a crafted MQTT message to access MQTT topics without the proper ACL rights.