product line
~~~~~~~~~~~~~
ESET develops software solutions that deliver instant, comprehensive protection
against evolving computer security threats. ESET NOD32® Antivirus, the flagship
product, consistently achieves the highest accolades in all types of
comparative testing and is the foundational product that builds
out the ESET product line to include ESET Smart Security.
http://www.eset.com/products/eset_performance_advantages.php
II. Description
this product, but many online update mechanisms in general.
IMPACT
Any client system using products that have update mechanisms built on the
InstallShield/FLEXnet Connect product line are vulnerable. This includes many
Microsoft Windows systems that often ship with software pre-installed by the
OEM. For example, some popular CD burning software appears to use the IS
update services pointed at their own servers and is a very widely-deployed
application.
7. Worry Free Business Security Hosted
8. Housecall
Gateway products
-----------------
InterScan Web Security Suite product lines and
InterScan Web Protect for ISA
Impact: Detection is evaded but files are quarantined by default,
residual risk of an administrator deblocking a file as there is
no detection of malicious code.
Grisoft is focused on developing software solutions that provide protection
from computer viruses. Grisoft's primary focus is to deliver the most
comprehensive and proactive protection available on the market.
Distributed globally through resellers and through the internet, the AVG
Anti-Virus product line supports all major operating systems and platforms.
More than 40 million users around the world use Grisoft AVG products to
protect their computers and networks.
Description:
every information warrior. Notable exploits in the 3.1 release include
a remote, unpatched kernel-land exploit for Novell Netware, written by
toto, a series of 802.11 fuzzing modules that can spray the local
airspace with malformed frames, taking out a wide swath of
wireless-enabled devices, and a battery of exploits targeted at
Borland's InterBase product line. "I found so many holes that I just
gave up releasing all of them", said Ramon de Carvalho, founder of RISE
Security, and Metasploit contributor.
"Metasploit continues to be an indispensable and reliable penetration
testing framework for our modern era", says C. Wilson, a security
IV. DETECTION
iDefense has confirmed the existence of these vulnerabilities within
version 6.5.737.0 of vsdatant.sys as installed with Check Point Zone
Labs Zone Alarm Free. All other products within the Zone Alarm product
line are suspected to be vulnerable. Previous versions are also
suspected to be vulnerable.
V. WORKAROUND
Changing the access control mechanisms for the affected device drivers
[Snip..]
2) Severity Rating:
critical
Impact: Remotely exploitable without authentication.
==================================================
3) Description of Vulnerability
A stack-based buffer overflow was discovered within the Alcatel OmniSwitch product line.
This buffer overflow was discovered within the Agranet-Emweb embedded management web server and can be exploited remotely without user authentication.
The vulnerability can be triggered on a 6200-24 running AOS Version 5.4.1.396.R01 by sending 2392 bytes in the HTTP header “Cookie: Session=”. This appears to overwrite a return address on the stack, giving the attacker control of the instruction pointer. The number of bytes needed to trigger the overflow varies between AOS versions.
==================================================
4) Solution
Fix:
Software Description
McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the
affected product line. More information can be found at
https://kc.mcafee.com/corporate/index?page=content&id=SB10010
<http://www.mcafee.com/us/enterprise/products/network_security/utm_firewall.html>
Vulnerability Description
I cooperate and the planned disclosure date
14/04/2009 : Bitdefender responds that the problem was fixed by an
automatic update on the 13/04/2009
16/04/2009 : Asked what product line and version has been affected and
a CVE number.
15/04/2009 : Bitdefender states that "All our products are affected
by this problem. We don't have a CVE number".
16/07/2009 Initial vendor notification. Secure contacts requested.
16/07/2009 Vendor response
16/07/2009 Vulnerability details sent
21/07/2009 Vendor accepted vulnerability for analysis
07/08/2009 Vendor confirmed vulnerability in personal and corporate product lines and notified that the vulnerability will be fixed in new versions of vulnerable products
23/09/2009 Update status query sent
17/09/2009 Vendor response that the vulnerability will be fixed in October but in the last product lines only (personal 2010 CF2 and corporate MP4). Fixing the vulnerability in prior product lines is not planned.
01/10/2009 Corporate product line has been updated (Kaspersky Anti-Virus for Windows Workstations 6.0.4.1212 released)
22/10/2009 Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 Critical Fix 2 released
16/12/2009 Advisory released
1. Summary
VMware addresses an in-guest privilege escalation on 64-bit guest
operating systems in ESX, ESXi, and previously released versions of
our hosted product line. Updated VMware VirtualCenter Update 3
addresses potential information disclosure and updates Java JRE
packages.
2. Relevant releases
Background:
===========
SonicWALL has added the award-winning Aventail SSL VPN product line to
our E-Class SRA appliances. Aventail's best-of-breed SSL VPNs deliver
secure remote access to the most resources from the most end point
locations. Aventail was named in the Visionaries Quadrant in the SSL
VPN Magic Quadrant Report from Gartner, considered to be the leading
analyst firm covering the SSL VPN industry.
holiday the release will be postponed to January. A specific date has not
been set.
. *2008-01-07*: Core requests a status update since there has been no
communication since November 26th, 2007. Core asks if the vendor is on
track to release fixes on the second week of January 2008. VMware had
released a new version of its VI product line in December but had not
indicated if this release included fixed versions of the vulnerable VMware
products. Publication of CORE-2007-0930 has been re-scheduled for January
14th, 2007.
. *2008-01-08*: Vendor communicates that none of the updates released in
December 2007 addressed the vulnerability reported by Core and provided an
http://www.mwti.net/products/download_center.asp
Description:
============
MicroWorld's eScan, MailScan and X-Spam product line is prone to a
security issue where LUA users can elevate their privileges.
1.) Affected applications:
----------------------
-------------------------------------------------------------------
1. Summary:
~ Several critical security vulnerabilities have been addressed
~ in the newest releases of VMware's hosted product line.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier