Ixia ATI Update 2017-12 (309773)

Defects Resolved

Ticket Info
DE7846 (1443489) The Pinterest app implemented in May 2016 had an issue where it generated empty TCP sessions without application data. The Pinterest app has been deprecated and replaced by the new "Pinterest Jun17".

Enhancements

Ticket Info
US67432 New SCTP super flows based on HTTP flow were implemented: "HTTP Text over SCTP", "HTTP Bandwidth over SCTP", "HTTP Text over SCTP over UDP", "HTTP Bandwidth over SCTP over UDP". Also one new test "Bandwidth HTTP over SCTP" was added, including the new "Bandwidth HTTP over SCTP" application profile.
US69284 Added the ShadowBrokers keyword to 12 strikes so that they are included in the 'ShadowBroker Strikes' smart strike list.
US69643 Pinterest application as of June 2017 has been implemented. The application simulates the Login, View User Boards, Select a Board to view, Search Global Boards, Pin an External item, Upload and pin photo actions.  

New Protocols & Applications (2)

Name Category Info
Certify Jun17 Financial Emulates the use of the Certify website as of June 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Pinterest Jun17 Social Networking/Search Pinterest is a free photo sharing website. Users can upload, save, sort, and manage photos and videos by pinning them on private or public pinboards. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (9)

Name Category Info
Certify Jun 17 Financial Emulates the use of the Certify website as of June 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Certify Jun 17 Create New Report Financial Emulates the use of the Certify website as of June 2017. It creates a new expense report. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Pinterest Jun17 Social Networking/Search The user performs a Pinterest login, a quick board view, and a search for items that results in the pinning of one of the items. This is followed by the upload of a photo, which is pinned to one of the user's boards, after which the user logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Pinterest Photo Upload Jun17 Social Networking/Search The Pinterest user logs in to upload a photo to pin to his board and then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Pinterest Search and Pin Jun17 Social Networking/Search The Pinterest user logs in, searches a category and pins one of the resulting items to his board. This is followed by the user logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Bandwidth HTTP over SCTP Testing and Measurement The client performs a single GET request of a video file [RFC 1035][RFC 1945]. The exchange is performed over SCTP [RFC 3286][RFC 4960].
Bandwidth HTTP over SCTP over UDP Testing and Measurement The client performs a single GET request of a video file [RFC 1035][RFC 1945]. The exchange is performed over SCTP [RFC 3286][RFC 4960], which is encapsulated into UDP.
HTTP Text over SCTP Testing and Measurement The client GETs a text file from a server [RFC 1035][RFC 1945]. The exchange is performed over SCTP [RFC 3286][RFC 4960].
HTTP Text over SCTP over UDP Testing and Measurement The client GETs a text file from a server [RFC 1035][RFC 1945]. The exchange is performed over SCTP [RFC 3286][RFC 4960], which is encapsulated into UDP.

New Application Profiles (1)

Name Info
Bandwidth HTTP over SCTP Generates HTTP over SCTP traffic by requesting and receiving a video file.

New Test (1)

Name Info
Bandwidth HTTP over SCTP This test consists of an HTTP GET which requests a video and receives it for bandwidth purposes. The transport layer is Stream Control Transmission Protocol.

New Strikes (7)

CVSS ID References Category Info
10.0 E17-0h1y1 BID-98636; CVE-2017-7494; CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C); SCIP-101738 Exploits This strike exploits a Remote Code Execution vulnerability in Samba. An attacker could exploit this vulnerability by uploading a shared library file to a writable Samba share, followed by accessing the file path via a named pipe. * NOTE: When running this strike in OneArm mode, the target system must have /share configured with write permissions and be available via SMB as \share.
10.0 E16-0e2f1 BID-97778; CVE-2017-3623; CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C); SCIP-100158; URL Exploits This strike exploits a remote code execution vulnerability in Oracle Solaris RPC. Specially crafted RPC packets can be sent to listening RPC ports to achieve remote code execution with root privileges. * NOTE: This vulnerability was targeted by the ShadowBrokers EbbIsland exploit.
10.0 E17-exiy1 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C); URL Exploits This strike exploits a code execution vulnerability in MDaemon from 9.5.2 to 10.1.2. The vulnerability is due to MDaemon's auto responder not filtering input correctly. A remote, unauthenticated attacker could execute arbitrary code on the target system by sending an email that contains malicious commands.
7.8 E17-0fr61 BID-98331; CVE-2017-5810; CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N); URL Exploits This strike exploits an SQL injection vulnerability in HPE Network Automation. The RedirectServlet constructs SQL queries in order to retrieve information from the database, and does not allow specific characters to be passed in these parameters. However, a malicious attacker can construct a query using the deviceID parameter that will perform an SQL UNION and return an encryption key from the database in the primaryIPAddress parameter. When combined with the authentication bypass, this attack can lead to SQL command execution in the remote database.
7.8 E17-0fr71 BID-98331; CVE-2017-5811; CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N); URL Exploits This strike exploits an information disclosure vulnerability in HPE Network Automation. Specifically, the FileServlet class fails to properly validate the encrypted file path provided by the user. A malicious attacker can craft a request via the tk parameter that will allow for file contents to be disclosed. This attack can be combined with an SQL injection (CVE-2017-5810) to provide the key used for encryption and decryption.
7.5 E17-m9c11 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); SECURITYTRACKER-1038529; URL Exploits This strike exploits a buffer overflow vulnerability in Digium Asterisk. When handling SIP requests containing a Via header with no transaction ID, the CSeq header is used in creating a transaction ID. The length of the CSeq header is not validated before being copied to a heap buffer. An attacker can exploit this vulnerability by sending a specially crafted SIP request containing a Via header with no transaction ID and an overly long CSeq header. Successful exploitation may result in arbitrary code execution.
5.0 E17-0fr81 BID-98331; CVE-2017-5812; CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N); URL Exploits This strike exploits an authentication bypass vulnerability in HPE Network Automation. The PermissionFilter class performs a check to determine if a URI request requires authentication. However, if traversal characters are used in conjunction with these strings, an attacker can bypass authentication to allow access to the requested page.