and little flaws in IVE
Juniper Networks released a vulnerability announcement today.
From: http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
"Title: IVE ActiveX client vulnerability
Date: 25 April 2006
Version: 1.0
Impact: Client side code execution in context of Internet Explorer
Affected Products: IVE OS 1.x to 5.x
Max Risk: High
Recommended Actions: Upgrade the IVE software to any of the following fixed versions: 5.3r2.1, 5.2r4.1, 5.1r8, 5.0r6.1, 4.2r8.1"
It appears that an activeX control that is installed when using IVE can be remotely exploited.
The exploit described by eeye looks fairly trivial.
IVE is Instant Virtual Extranet which provides SSL VPN control with centralized reporting, monitoring and configuration management. It is basically a host security auditor and can be used as an element of their netscreen remote client. It can verify things like recent virus signatures and scans. Which is important before letting some machine on to your corporate network!
eeye has published the details here:
http://www.eeye.com/html/research/advisories/AD20060424.html
Bleeding Edge Snort team has developed a signature for this.
http://blog.gmane.org/gmane.comp.security.ids.snort.bleedingsnort
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE WEB CLIENT JuniperSetup Control Buffer Overflow"; flow:established,from_server; content:"E5F5D008-DD2C-4D32-977D-1A0ADF03058B"; nocase; content:"ProductName"; nocase; content:"PARAM "; nocase; content:"NAME"; nocase; distance:0; content:"ProductName"; nocase; pcre:"/value[\s'"]*=[\s'"]*[^'"]{100}/i"; reference:www.eeye.com/html/research/advisories/AD20060424.html; classtype:attempted-user; sid:515151515; rev:1; )
From: http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
"Title: IVE ActiveX client vulnerability
Date: 25 April 2006
Version: 1.0
Impact: Client side code execution in context of Internet Explorer
Affected Products: IVE OS 1.x to 5.x
Max Risk: High
Recommended Actions: Upgrade the IVE software to any of the following fixed versions: 5.3r2.1, 5.2r4.1, 5.1r8, 5.0r6.1, 4.2r8.1"
It appears that an activeX control that is installed when using IVE can be remotely exploited.
The exploit described by eeye looks fairly trivial.
IVE is Instant Virtual Extranet which provides SSL VPN control with centralized reporting, monitoring and configuration management. It is basically a host security auditor and can be used as an element of their netscreen remote client. It can verify things like recent virus signatures and scans. Which is important before letting some machine on to your corporate network!
eeye has published the details here:
http://www.eeye.com/html/research/advisories/AD20060424.html
Bleeding Edge Snort team has developed a signature for this.
http://blog.gmane.org/gmane.comp.security.ids.snort.bleedingsnort
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE WEB CLIENT JuniperSetup Control Buffer Overflow"; flow:established,from_server; content:"E5F5D008-DD2C-4D32-977D-1A0ADF03058B"; nocase; content:"ProductName"; nocase; content:"PARAM "; nocase; content:"NAME"; nocase; distance:0; content:"ProductName"; nocase; pcre:"/value[\s'"]*=[\s'"]*[^'"]{100}/i"; reference:www.eeye.com/html/research/advisories/AD20060424.html; classtype:attempted-user; sid:515151515; rev:1; )
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments