Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - and little flaws in IVE InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

and little flaws in IVE

Published: 2006-04-28
Last Updated: 2006-04-28 19:01:24 UTC
by donald smith (Version: 2)
0 comment(s)
Juniper Networks released a vulnerability announcement today.
From: http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
"Title: IVE ActiveX client vulnerability
Date: 25 April 2006
Version: 1.0
Impact: Client side code execution in context of Internet Explorer
Affected Products: IVE OS 1.x to 5.x
Max Risk: High
Recommended Actions: Upgrade the IVE software to any of the following fixed versions: 5.3r2.1, 5.2r4.1, 5.1r8, 5.0r6.1, 4.2r8.1"

It appears that an activeX control that is installed when using IVE can be remotely exploited.
The exploit described by eeye looks fairly trivial.

IVE is  Instant Virtual Extranet which provides SSL VPN control with centralized reporting, monitoring and configuration management. It is basically a host security auditor and can be used as an element of their netscreen remote client. It can verify things like recent virus signatures and scans. Which  is important before letting some machine on to your corporate network!

eeye has published the details here:
http://www.eeye.com/html/research/advisories/AD20060424.html


Bleeding Edge Snort team has developed a signature for this.
http://blog.gmane.org/gmane.comp.security.ids.snort.bleedingsnort

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE WEB CLIENT JuniperSetup Control Buffer Overflow"; flow:established,from_server; content:"E5F5D008-DD2C-4D32-977D-1A0ADF03058B"; nocase; content:"ProductName"; nocase; content:"PARAM "; nocase; content:"NAME"; nocase; distance:0; content:"ProductName"; nocase; pcre:"/value[\s'"]*=[\s'"]*[^'"]{100}/i"; reference:
www.eeye.com/html/research/advisories/AD20060424.html; classtype:attempted-user; sid:515151515; rev:1; )

Keywords:
0 comment(s)
Diary Archives