Ixia ATI Update 2018-16 (338153)

Defects Resolved

Ticket | Info
DE9864 | The multipart message syntax was corrected in the Gmailclassic_130508 SuperFlow by adding a blank line between the header area and the body area.

Enhancements

Ticket | Info
US89215 | The Instagram Bandwidth super flow was restored to use the original flow version Instagram Nov14. A new super flow, Instagram Apr18 Bandwidth, was added to use the newer version Instagram Apr18.

New Protocols & Applications (1)

Name | Category | Info
MQTTOverWebsocket | Distributed Computing | MQTT over WebSocket enables a web browser on any device to become a full-fledged MQTT client. With MQTT operations such as publish and subscribe able to take place in the web browser, web applications can take advantage of highly scalable messaging with a low bandwidth overhead.

New Super Flows (12)

Name | Category | Info
MQTT Connect and Publish over Websocket | Distributed Computing | An MQTT client and server performing connect and publish activities over Websocket. The client and server first establish a Websocket connection via Websocket handshakes; then the client and server exchange MQTT connect, publish, ping, and disconnect messages as the payload of Websocket data frames. The containing Websocket connection is terminated at the end.
MQTT Connect Subscribe and Publish over Websocket | Distributed Computing | Two MQTT clients and one server performing these operations over Websocket: both clients connect to the same server, the subscriber client subscribes to an MQTT topic, the publisher client publishes messages to the same topic, and the subscriber then receives from the server the messages published by the publisher. The subscriber unsubscribes from the topic, then both clients disconnect from the server. At the end, the containing Websocket connections are terminated by both clients.
GmailClassic TLSv1.2 | Email/WebMail | Simulates a Google Mail Classic session with Lawful Intercept. The client sends a message request with an embedded Lawful Intercept keyword or needle, in an attempt to test the LI system. TLSv1.2 and cipher AES128-GCM-SHA256 are used for encrypted traffic. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. You can remove all the interactions to a host by deleting that host from the Hosts list. Several versions of this protocol may exist. The version that will be run is appended to the client "Host Nickname" found in the Hosts list. The most recent version will be run if the version number found there is invalid or does not exist.
Google Play Sandvine Bandwidth TLSv1.2 | Mobile | Simulates Google Play search, view and download with parameters set for high bandwidth. TLSv1.2 and cipher AES128-GCM-SHA256 are used for encrypted traffic.
Facebook Android TLSv1.2 | Social Networking/Search | Simulates an Android Facebook session by resembling a Facebook API session but with a few differences (DNS and TLSv1.2 are both used). [RFC 1035]
Facebook iOS TLSv1.2 | Social Networking/Search | Simulates the Facebook iOS application, which uses the legacy REST server. TLSv1.2 and cipher AES128-GCM-SHA256 are used for encrypted traffic.
Google Map Search TLSv1.2 | Social Networking/Search | A search using Google Maps. TLSv1.2 and cipher AES128-GCM-SHA256 are used for encrypted traffic.
Instagram Apr18 Bandwidth | Social Networking/Search | Instagram simulation of signing in, photo viewing and commenting, as well as sharing a photo before logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The 'Max. Request/Response Pairs per Action' and 'Max. Generated File Size' flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Instagram Bandwidth TLSv1.2 | Social Networking/Search | Instagram simulation of signing in, photo viewing and commenting, as well as sharing a photo before logging out. TLSv1.2 is used for encrypted traffic. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The 'Max. Request/Response Pairs per Action' and 'Max. Generated File Size' flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Twitter View Favorites TLSv1.2 | Social Networking/Search | Simulates the Twitter Service (API version 1.1) utilizing the TwitterAPI Client. The client logs into the service, views the home timeline and then views favorites. TLSv1.2 and cipher AES128-GCM-SHA256 are used for encrypted traffic.
iTunes Mobile App Store TLSv1.2 | Voice/Video/Media | A mobile device purchasing and downloading an app from the Apple iTunes store. This uses the iTunes (ITMS) protocol. TLSv1.2 and cipher AES128-GCM-SHA256 are used for encrypted traffic.
iTunes Mobile Music TLSv1.2 | Voice/Video/Media | A mobile device purchasing and downloading music from the Apple iTunes store. This uses the iTunes (ITMS) protocol. TLSv1.2 and cipher AES128-GCM-SHA256 are used for encrypted traffic.

New Strikes (18)

CVSS | ID | References | Category | Info
9.0 | E18-0gzp1 | CVE-2017-7413, CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C), URL | Exploits | The strike exploits an OS command injection vulnerability in the Horde Groupware Webmail client. The vulnerability originates from the lack of sanitization in handling the 'generate_email' parameter when generating PGP keys. The parameter is later passed as a command line argument to the 'gpg' binary, allowing arbitrary command execution on the host system.
9.0 | E17-0gl01 | CVE-2017-6884, CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C), EXPLOITDB-41782 | Exploits | This strike exploits a command injection vulnerability in the Zyxel EMG2926 home router. The vulnerability is due to improper validation of input passed to the 'nslookup' function located in the diagnostic tools. By exploiting this vulnerability, a remote unauthenticated attacker can execute arbitrary OS commands on the target router.
7.6 | E18-0hxo1 | BID-103986, CVE-2018-8145, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-45011, URL | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. It is possible to cause a heap buffer overflow by repeatedly creating, in JavaScript, new objects with specific elements as arguments. When this code is executed, a buffer overflows and a denial of service condition occurs. Remote code execution may also be possible.
7.6 | D18-majo1 | BID-102405, CVE-2018-0758, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-43491, GOOGLE-1380, SECURITYTRACKER-1040100 | Denial | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. Because there is no integer overflow check in place, it is possible to craft JavaScript in such a way that a bug is triggered when LowerSetConcatStrMuliItem is called to concatenate strings. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 | E18-0p8g1 | CVE-2018-8096, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-45136, URL | Exploits | This strike exploits an authentication bypass in the Datalust Seq web server. The vulnerability is due to improper use of the HTTP parameter "Name:isauthenticationenabled" in an HTTP PUT request. A remote attacker can exploit this vulnerability by sending a crafted HTTP PUT request to the system. Successful exploitation results in an authentication bypass on the target server.
7.5 | E18-0l7x1 | BID-104763, CVE-2018-2893, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL | Exploits | An insecure deserialization vulnerability was found in Oracle WebLogic Server. The vulnerability is due to insufficient validation of serialized data within T3 requests. The vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.
7.5 | E18-8vf31 | CVE-2018-1000207, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits a remote code execution vulnerability found in the Modx Revolution CMS. The vulnerability is due to improper input validation while processing parameters before passing them into the 'phpthumb' class. An attacker could exploit this vulnerability by crafting a special HTTP POST request that can create a file with a custom filename and content. This can result in execution of arbitrary commands under the privileges of the web server daemon user.
6.8 | E18-5kws1 | CVE-2018-14300, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), URL, ZDI-18-760 | Exploits | This strike exploits a use-after-free vulnerability in Foxit Reader. This vulnerability is due to improper handling of an annotation object. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.
6.8 | E18-5igq1 | CVE-2018-11130, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits a heap use-after-free vulnerability in the VCFtools program package. The vulnerability is due to missing validation of the 'FORMAT' input contained within the VCF file to be analyzed. An attacker could potentially run arbitrary code, or possibly have an unspecified other impact, on the target system by enticing a user to analyze a maliciously crafted VCF file.
6.8 | E18-5i981 | BID-104580, CVE-2018-10860, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits a directory traversal vulnerability in Perl Archive. The filename field of zip files is not sanitized for directory traversal characters, so files unzipped with Perl Archive may overwrite files in the location specified by the directory traversal. An attacker can exploit this by sending a specially crafted zip file to the target and enticing them to use Perl Archive to unzip it. Successful exploitation may result in arbitrary file overwrite.
6.8 | E18-m9x71 | BID-100610, CVE-2017-5116, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), GOOGLE-759624, SECURITYTRACKER-1039291 | Exploits | This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that, while the main thread parses the WebAssembly code, a worker thread can modify this code at the same time, causing out-of-bounds memory access. This may lead to a denial of service condition in the browser, or potentially remote code execution.
6.0 | E18-5kyk1 | CVE-2018-14364, CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P), URL | Exploits | This strike exploits a directory traversal vulnerability in GitLab. The GitLab project import component does not properly validate the imported files, which allows an attacker to write symbolic links to publicly accessible locations on the server. By importing a project containing crafted symbolic links, an attacker could read arbitrary files from the file system and further leverage the vulnerability into a code execution scenario.
6.0 | E18-5jtr1 | BID-104569, CVE-2018-12895, CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P), URL | Exploits | The strike exploits an authenticated directory traversal vulnerability in the WordPress platform. The vulnerability is due to the lack of sanitization of the 'thumb' POST parameter while handling media file metadata within 'post.php', and can be exploited by any account with edit rights. As a consequence, an attacker may delete arbitrary files within the file system, which can be leveraged into code execution by changing the platform's configuration.
6.0 | E18-5l011 | BID-104914, CVE-2018-14417, CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P), URL | Exploits | This strike exploits a remote code execution vulnerability in SoftNAS Cloud. The vulnerability is caused by insufficient validation of the 'recentVersion' parameter in HTTP requests. Successful exploitation could allow an attacker to trigger remote command execution on the target server.
5.8 | E18-mbfm1 | BID-104699, CVE-2018-5019, CVSS-5.8 (AV:N/AC:M/AU:N/C:P/I:N/A:P), SECURITYTRACKER-1041250, URL | Exploits | This strike exploits an out-of-bounds read vulnerability in Adobe Acrobat Reader. The vulnerability is due to improper parsing of an embedded font by the CoolType module. An exploit could be triggered by opening a crafted XPS document. Successful exploitation could result in information disclosure, which could be used to further compromise the target system.
4.6 | E18-0psy1 | CVE-2018-8834, CVSS-4.6 (AV:L/AC:L/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits a heap buffer overflow vulnerability in OMRON CX-One CX-FLnet. The vulnerability is due to improper parsing of the parameters in an FLN configuration file. An attacker can entice a target to open a specially crafted FLN configuration file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the application.
4.6 | E18-0osa1 | CVE-2018-7514, CVSS-4.6 (AV:L/AC:L/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits a stack buffer overflow vulnerability in OMRON CX-One CX-Motion. The vulnerability is due to improper parsing of the parameters in an MCI configuration file. An attacker can entice a target to open a specially crafted MCI configuration file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the application.
3.5 | E18-5l251 | CVE-2018-14493, CVSS-3.5 (AV:N/AC:M/AU:S/C:N/I:P/A:N), EXPLOITDB-45160 | Exploits | This strike exploits a stored cross-site scripting vulnerability in Open-AudIT Community 2.2.6. This vulnerability is due to improper filtering of the HTTP input parameter "groups". By exploiting this vulnerability, an attacker could cause arbitrary HTML/script code to be executed by the target user's browser.