Ubizen Security Intelligence Lab Uncovers Vulnerability In Tivoli Firewall Toolbox

Ubizen(r) (Nasdaq Europe: UBIZ – Euronext: UBI), a principal provider of Managed Security Solutions (MSS) for global businesses, announced that its Security Intelligence Lab (SIL) discovered a buffer overflow vulnerability with the IBM Tivoli Firewall Toolbox version 1.2. The vulnerability can potentially allow remote attackers to penetrate trusted networks and compromise traffic sent between Tivoli gateway proxies and endpoints.

The Tivoli Firewall Toolbox is an optional component of the Tivoli management environment that provides the underlying communication for the framework-based applications within a firewall environment. The vulnerability was discovered in this communication layer, and if left unchecked, can potentially expose that system to unauthorised remote access.

This vulnerability has been corrected in IBM Tivoli Firewall Toolbox version 1.3 and it is available for download through the IBM.com support site. More information about this product and instructions on how to upgrade can be found here:

http://www.3.ibm.com/software/sysmgmt/products/support/IBMTivoliManagementFramework.html

Ubizen analyses threats to customers’ networks in its Security Intelligence Lab (SIL). Ubizen SIL engineers and analysts conduct ethical hacking, probing for vulnerabilities and evaluating weaknesses in security devices used by Ubizen customers. When a vulnerability is detected, Ubizen alerts the vendor and helps to create the necessary patch when appropriate. Security experts at the SIL scour a variety of sources, including the Web, vendor channels and underground resources, to gather the latest information about threats, system vulnerabilities and possible attacks.

SIL analysts stay current on the latest hacking trends and techniques. “They think like hackers themselves,” said Bart DeMaertelaere, Ubizen VP of Security Operations. “This allows Ubizen to anticipate hackers’ probable moves and address vulnerabilities before hackers actually attack. This ability to survey and protect the security landscape provides superior long-term threat analysis through real-world experience for Ubizen’s customers.”

About Ubizen
Ubizen is the principal provider of Managed Security Solutions for global businesses. Companies rely on Ubizen OnlineGuardian(r) services for outsourced management, monitoring and support of enterprise security devices 24x7x365. A Professional Services team complements Ubizen OnlineGuardian services, by helping enterprises plan and implement vulnerability assessments, security policies and security infrastructures. Ubizen also protects Web servers against application-level attacks, such as Nimda and Code Red, with Ubizen DMZ/Shield(tm) Enterprise. Founded in 1995, Ubizen protects 3000 security devices in over 35 countries worldwide. Ubizen (www.ubizen.com) is a public company with dual listings on Nasdaq Europe (UBIZ) and the Euronext (UBI) exchange.