Ixia ATI Update 2017-10 (307076)

Defects Resolved

Ticket: DE7777
Info: Strike ID E17-0bdt1 was misidentified as exploiting CVE-2017-0145. The strike has been renamed to strikes/exploits/smb/cve_2017_0143_smb_dataDisplacement_buffer_overflow.xml and its metadata changed accordingly.

New Protocols & Applications (2)

Name: GoogleDocs May17
Category: Data Transfer/File Sharing
Info: Google Docs is an online word processor that lets you create and format documents and work with other people. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

Name: Zalo May17
Category: Voice/Video/Media
Info: Zalo is an application for mobile devices that allows its users to send and receive messages including photos, videos, and contact information. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (4)

Name: Google Docs
Category: Data Transfer/File Sharing
Info: Traffic that simulates creating, sharing, commenting on and downloading an online Google Document file. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

Name: Google Docs Create Document and Download as Plain Text
Category: Data Transfer/File Sharing
Info: Traffic that simulates creating a Google Document and downloading it as plain text. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

Name: Google Docs Edit Document and Rename it
Category: Data Transfer/File Sharing
Info: Traffic that simulates editing and renaming an existing Google Document. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

Name: Zalo VOIP
Category: Voice/Video/Media
Info: Zalo is an application for mobile devices that allows its users to send and receive messages including photos, videos, and contact information. This Super Flow simulates a Zalo startup followed by a VOIP conversation with a peer. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Strikes (8)

CVSS: 10.0
ID: E17-vacg1
References: CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL
Category: Exploits
Info: This strike exploits a buffer overflow vulnerability in Alt-N MDaemon. The vulnerability is due to a failure to sanitize user-supplied HTTP parameter values. By sending a specially crafted HTTP request, a remote, unauthenticated attacker could execute arbitrary code on the target system. NOTE: This vulnerability was targeted by the ShadowBrokers EasyFun exploit.

CVSS: 10.0
ID: E17-0fnt1
References: BID-1038385, CVE-2017-5689, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL
Category: Exploits
Info: This strike exploits a privilege escalation vulnerability in Intel Active Management Technology (AMT). The vulnerability is due to improper input validation when checking the parameters of the Authorization HTTP request header. An unprivileged attacker can gain AMT system privileges by sending an HTTP Digest authentication request with an empty response parameter.

CVSS: 7.8
ID: D17-al5r1
References: BID-97754, CVE-2017-3599, CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C), URL
Category: Denial
Info: This strike exploits an integer overflow in Oracle MySQL. When parsing an Authentication Request in which the password length field is greater than 254 but the password is less than 8 bytes, a pointer is left pointing past the end of the buffer. This pointer is later dereferenced, triggering an out-of-bounds read. Successful exploitation may result in abnormal termination of MySQL, causing a denial of service condition.

CVSS: 7.5
ID: E17-m91t1
References: CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), SECURITYTRACKER-1038161, URL, ZDI-17-217
Category: Exploits
Info: This strike exploits a command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). The bdn parameter, sent in HTTP POST requests to the /rest/domains URI, is not sanitized and is vulnerable to command injection. An attacker can send a specially crafted HTTP POST request to achieve arbitrary command execution. NOTE: By default, the vulnerable service is accessed over an SSL connection (port 8443).

CVSS: 7.5
ID: E17-0dg81
References: BID-98083, CVE-2017-2824, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL
Category: Exploits
Info: This strike exploits a code execution vulnerability in Zabbix Server. The vulnerability is due to improper checks of a user-supplied IP address value within the Trapper functionality of the server. Successful exploitation can lead to arbitrary command execution in the context of the Zabbix process.

CVSS: 6.5
ID: E17-0h5b1
References: BID-97707, CVE-2017-7615, CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P), URL
Category: Exploits
Info: This strike exploits a remote password reset vulnerability in Mantis Bug Tracker. The vulnerability is due to improper input validation when checking password reset requests. A remote attacker can reset a password by submitting an empty confirm_hash value to verify.php.

CVSS: 4.3
ID: E17-0bfk1
References: BID-97460, CVE-2017-0208, CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), URL
Category: Exploits
Info: This strike exploits a vulnerability in Microsoft Edge. An attacker can craft JavaScript so that an out-of-bounds buffer read occurs when a string object is created by the repeat method. During this process a string replace method is called to replace characters in the string, and a sign extension is performed on the count parameter of the calculation. If this value is too large it becomes negative, which can lead to an out-of-bounds memory read that discloses the contents of the buffer.

CVSS: 4.0
ID: E17-0fhf1
References: BID-97940, CVE-2017-5459, CVSS-4.0 (AV:L/AC:M/AU:N/C:P/I:P/A:P), URL
Category: Exploits
Info: This strike exploits a memory corruption vulnerability in Mozilla Firefox. An integer overflow occurs within the Intersect() function when code calling the WebGL readPixels() method is executed. This strike uses the copyTexSubImage2D method to demonstrate the vulnerability by causing a denial of service in the browser. Successful exploitation could potentially lead to remote code execution.