Ixia ATI Update 2019-10 (360700)

Defects Resolved

DE8785: Replaced the "rand" method in the Strike for CVE-2014-2309 with equivalent code that uses the global seed.
DE10436 (BUG1510963): The Strike for CVE-2009-3840 was sending invalid exploit traffic. To work correctly, Error Code 1 and Error Code 2 must match, be less than -5, and be little endian. The strike was sending unmatched error codes in big endian. This has been fixed.
DE10437 (BUG1511483): The JavaScript of the Strike with ID E18-3dwq1 was modified so that it passes through our obfuscation engine correctly.
DE10447: The transport protocol of the WhatsApp Flow was changed from UDP to TCP, except for the audio/video traffic.
DE10448: Fixed a cryptographic error reported when running GmailClassic SuperFlows through a proxy.
DE10450: Fixed undeclared variables in the Strike for CVE-2014-9267.
DE10451: Fixed undeclared variables in Strike E13-4o001.
DE10460: Modified session.rb so that frames larger than the max_mtu for IPv6 are properly reported as an error instead of timing out.

Enhancements

US96550: Added support for the NP token for the Subscribe action in MQTT.

New Strikes (8)

E19-7nvx1 (CVSS 10.0, Exploits)
References: CVE-2019-11469, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-46740
Info: This strike exploits an SQL injection vulnerability in Zoho ManageEngine Applications Manager. The vulnerability is caused by insufficient validation of the user-supplied "resourcetype" input in HTTP requests that is used to build SQL queries. Successful exploitation could allow an attacker to execute SQL queries on the target server.

E19-8vx91 (CVSS 10.0, Exploits)
References: BID-106176, CVE-2018-1000861, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL
Info: This strike exploits a remote code execution vulnerability in Jenkins. The vulnerability is due to improper filtering of the "value" parameter when invoking a method on Java objects. An attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in remote code execution on the target server.

E19-0r901 (CVSS 10.0, Exploits)
References: CVE-2019-0708, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL
Info: This strike replicates the attack known as BlueKeep against a Microsoft Windows RDP server (Remote Desktop Services), exploiting a use-after-free vulnerability. The flaw arises when a single memory region is addressed by two different pointers after an RDP channel named 'MS_T120' is created during connection setup. Successful exploitation grants the attacker complete control over the target system.

E19-0r6i1 (CVSS 9.3, Exploits)
References: CVE-2019-0618, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), URL, ZDI-19-194
Info: This strike exploits a remote code execution vulnerability in the GDI+ (Graphics Device Interface) module of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the 'DoRotatedStretchBlt' method of the 'gdiplus.dll' library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with the privileges of the application using the vulnerable module.

E19-0r8p1 (CVSS 7.5, Exploits)
References: CVE-2019-0697, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
Info: This strike reproduces an attack on a buffer overflow vulnerability in the Microsoft Windows DHCP client. The flaw results from the lack of field counting when parsing the 'Options' fields of a DHCP ACK packet, which allows memory areas to be overwritten. As a consequence, a remote attacker controlling a DHCP server may gain control of vulnerable Windows-based DHCP clients.

D19-0mbs1 (CVSS 6.8, Denial)
References: CVE-2018-4328, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), GOOGLE-1610
Info: This strike exploits a vulnerability in Apple Safari WebKit. Specifically, the vulnerability exists when the InlineTextBox::paint method is called. JavaScript can be crafted so that invoking this method causes memory corruption leading to an out-of-bounds memory read. This can lead to a denial of service or potentially allow remote code execution.

E19-5m6w1 (CVSS 6.4, Exploits)
References: BID-105317, CVE-2018-15960, CVSS-6.4 (AV:N/AC:L/AU:N/C:N/I:P/A:P)
Info: This strike exploits a directory traversal vulnerability in the CKEditor component of Adobe ColdFusion. The vulnerability is due to improper sanitization in the file upload.cfm. An attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could upload arbitrary files to the target server.

D19-0v6c1 (CVSS 5.1, Denial)
References: CVE-2019-5796, CVSS-5.1 (AV:N/AC:H/AU:N/C:P/I:P/A:P), GOOGLE-1748
Info: This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists when ExtensionsGuestViewMessageFilter is destroyed while ProcessIdToFilterMap is being modified concurrently. When this happens, a race condition occurs which can lead to a denial of service in the browser.