Ixia ATI Update ATI-2019-21 (372546)

Enhancements

| Ticket | Info |
| --- | --- |
| ATIBPS-16215 | The 1-arm SuperFlow should have the External Host IP in the NN set to 8.8.4.4 or 1.1.1.1 to work against the real service. THIS ONLY WORKS AGAINST DNS.GOOGLE AS OF OCTOBER 2019. Please refer to this link for more details: https://www.ixiacom.com/company/blog/using-breakingpoint-test-dns-over-https-doh-services-part-1. |
| ATIBPS-16151 | Added PORT_SET extension (RFC 7753) in MAP Request/Response for PCPv2. |
| ATIBPS-11178 | NAT tag has been added to the Blackberry Enterprise Receive Email superflow to make it NAT compatible. |
| ATIBPS-14064 | Added proper description for the action Voice Data under the Skype Call Superflow. |
| ATIBPS-14050 | Added preliminary support for Authoritative Name servers as part of the response action for DNS. |
| ATIBPS-10136 | Updated all canned superflows to use 2048 length keys and certs as per the industry standard. |
| ATIBPS-9911 | The canned malware description has been changed to more specifically describe what composes canned malware. |
| ATIBPS-16154 | IKEv2 VPN scenario has been added to Simulated IPSec over UDP protocol. |

New Protocols & Applications (2)

| Name | Category | Info |
| --- | --- | --- |
| Redis | Database | Redis is an in-memory data structure project implementing a distributed, in-memory key-value database with optional durability. Redis made popular the idea of a system that can be considered at the same time a store and a cache, using a design where data is always modified and read from the main computer memory, but also stored on disk in a format that is unsuitable for random access, only to reconstruct the data back in memory once the system restarts. |
| Office 365 Outlook People Oct19 | Social Networking/Search | Simulates the use of the Office 365 Outlook People website as of October 2019. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |

New Super Flows (13)

| Name | Category | Info |
| --- | --- | --- |
| ClientSim Redis Append Request | Database | This simulates the Append to key workflow for the Redis protocol on a particular key. |
| ClientSim Redis Basic Requests | Database | This simulates Set, Get, Delete, Exists, Dbsize, Ping, Rename and Append Redis requests on a particular set of keys. |
| ClientSim Redis Rename Request | Database | This simulates the Rename key workflow for the Redis protocol on a particular key. |
| LwM2M over CoAP | Distributed Computing/IoT | Added LwM2M over CoAP superflow (without DTLS encryption). |
| Office 365 Outlook People Oct19 | Social Networking/Search | Simulates the use of the Office 365 Outlook People website. The user accesses the sign in page, signs in, creates a new contact, searches for a contact, deletes a contact and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Office 365 Outlook People Oct19 Create and Delete a Contact | Social Networking/Search | Simulates the use of the Office 365 Outlook People website. The user accesses the sign in page, signs in, creates a new contact, deletes a contact and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Office 365 Outlook People Oct19 Search for a Contact | Social Networking/Search | Simulates the use of the Office 365 Outlook People website. The user accesses the sign in page, signs in, searches for a contact and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| PCPv2 Map Request PORT_SET Superflow | Testing and Measurement | This simulates a basic PCPv2 session with Map Request scenario, including PORT_SET Allocation Option described in RFC 7753. |
| Redis Append Request | Database | This simulates both the client and server for an Append to key workflow for the Redis protocol on a particular key. |
| Redis Basic Requests | Database | This simulates Set, Get, Delete, Exists, Dbsize, Ping, Rename and Append Redis requests and responses on a particular set of keys. |
| Redis Rename Request | Database | This simulates both the client and server for a Rename key workflow for the Redis protocol on a particular key. |
| Simulated IKEv2/IPSec VPN (Download Traffic) | Remote Access | Simulates IKEv2/IPSec VPN traffic from a client attempting to download data. The client performs the IKEv2 parameter negotiation and NAT discovery with the VPN server over UDP port 500. Then it proceeds with EAP exchanges with the server to establish IKEv2/IPSec over UDP port 4500 and stream ESP packets. The ESP payload sizes and the distribution are configured to follow a file download pattern. |
| Simulated IKEv2/IPSec VPN (Upload Traffic) | Remote Access | Simulates IKEv2/IPSec VPN traffic from a client attempting to upload data. The client performs the IKEv2 parameter negotiation and NAT discovery with the VPN server over UDP port 500. Then it proceeds with EAP exchanges with the server to establish IKEv2/IPSec over UDP port 4500 and stream ESP packets. The ESP payload sizes and the distribution are configured to follow a file upload pattern. |

New Strikes (5)

| CVSS | ID | References | Category | Info |
| --- | --- | --- | --- | --- |
| 9.0 | E19-7osq1 | CVE-2019-12650; CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C); URL | Exploits | This strike exploits a command injection vulnerability in the WebUI component of Cisco IOS XE. The vulnerability is due to improper validation of user-supplied 'snortcheck.lua' form data via the WebUI. A user with low privilege access can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in execution of Cisco console commands with administrative privileges. |
| 7.6 | E19-0pdv1 | BID-104637; CVE-2018-8291; CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C); EXPLOITDB-45215; GOOGLE-1576 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists within the Chakra JavaScript engine. An attacker can craft JavaScript in such a way that the CopyFrom method does not copy all fields, including the IsShadowed field, from another descriptor to "this". This causes type confusion to occur, and can lead to a denial of service condition in the browser or potentially remote code execution. |
| 7.5 | E19-zrrp6 | CVE-2014-4725; CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); EXPLOITDB-33991; URL | Exploits | This strike exploits a file upload vulnerability in the WordPress plugin MailPoet Newsletters. The vulnerability allows an unauthenticated attacker to take advantage of the plugin's use of the admin_init hook by uploading a theme using wp-admin/admin-post.php. By exploiting this vulnerability, an unauthenticated attacker can upload arbitrary files on the server and execute them. |
| 5.0 | E19-7t3d1 | CVE-2019-18217; CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) | Exploits | A logic error exists in ProFTPD 1.3.6rc2, causing infinite loops to be triggered by commands with 4100 or more characters. An unauthenticated, remote attacker can exploit this vulnerability by sending an excessively long command to the target server. Successful exploitation causes an infinite loop leading to full CPU usage. |
| 4.3 | E19-0w6t1 | CVE-2019-7109; CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N); URL | Exploits | An out-of-bounds read vulnerability exists in several Adobe Acrobat products containing the 'acrodistdll.dll' shared library. The OOB read occurs whenever comments placed inside postscript objects are processed and no newline character is further detected. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted JOBOPTIONS file. Successful exploitation of this vulnerability could lead to information disclosure. |

Defects Resolved

| Ticket | Info |
| --- | --- |
| ATIBPS-16212 | Fixed an issue where HTTP2 Post and Response did not split a message into frames when the message was longer than SETTINGS_MAX_FRAME_SIZE. If the payload message is longer than the specified SETTINGS_MAX_FRAME_SIZE, it is now separated into frames before being sent to the receiver. |
| ATIBPS-16199 | Deleted strike G08-3cp01 due to SSL payload without decryption. |
| ATIBPS-16203 | Deleted strike G05-39w01 due to bad TCP packets. |
| ATIBPS-16186 | Updated destination port for E06-6qv02. |
| ATIBPS-16157 | Fixed the reference and traversal path for strike E18-ua3e1 (Jenkins Accept-Language Header Directory Traversal). |
| ATIBPS-16143 | Fixed a Diameter protocol bug where user-assigned hop-by-hop ID and end-to-end ID were ignored. |
| ATIBPS-16121 | Updated E19-0bdt2 to match the 'Multiplex ID' value within the 'SMB_COM_TRANSACTION_SECONDARY' request to the 'FID' of the 'SMB_COM_WRITE_ANDX' request. |
| ATIBPS-16120 | The strike E16-5ed01 has had two of its directory traversal options modified to include the correct attack vector. |
| ATIBPS-8109 | Fixed an issue for strike E18-0olw1 where the header in SIP was "Allow" but should have been "Accept". |
| ATIBPS-8109 | Fixed the exploit for strike E18-0ou61 by adding the overlong HTTP "Accept" header. |