Search results for: vulnerability

GFI Combines McAfee Anti-Virus Technology from Network Associates with GFI MailSecurity

Advanced McAfee anti-virus scanning engine selected to provide more comprehensive email security London, UK, 26 June 2002 – The McAfee Security division of Network Associates (NYSE: NET) and GFI, a leading provider of Windows-based security and messaging software, today announced that the advanced McAfee anti-virus technology will be offered as part of the GFI MailSecurity email security package. GFI MailSecurity from GFI includes the option to integrate leading McAfee anti-virus technology with its existing exploit … More

The Internet, Application Vulnerabilities and Viruses: A Deadly Combination

One thing that can be said about virus writers is that they are not short of ingenuity when it comes to finding ways of spreading their infectious creations. The enormous increase in the use of the Internet, especially for exchanging files and documents, has made their work a good deal easier. Although e-mail is undoubtedly where the most risk lies, there are a number of other channels through which the Internet can be exploited for … More

OpenSSH Remote Vulnerability Roundup

In a recent discussion about the Apache Chunk Handling vulnerability, which consisted of many debates and rants on how the reporting was done, ISS mentioned that they found another serious vulnerability in one other vendor’s open source product. First post about this vulnerability is presented below the ISS advisory released today. Internet Security Systems Security Advisory OpenSSH Remote Challenge Vulnerability ISS X-Force has discovered a serious vulnerability in the default installation of OpenSSH on the … More

eEye Digital Security Offers Free Vulnerability Scanning Utility to Combat Bug in Apache Web Servers

Freeware utility will detect the High Risk vulnerability in Apache HTTP Servers that could affect over 60% of web servers worldwide (Aliso Viejo, CA) – eEye Digital Security has announced a freeware utility that allows administrators to quickly scan their networks for any systems vulnerable to the recent “Chunked Encoding” exposure found in default versions of Apache HTTP Server. The freeware tool may be downloaded directly from the eEye website at: http://www.eeye.com/html/Research/Tools/apachechunked.html An exploit for … More

PivX Provides Free Fix For The Microsoft Internet Explorer Gopher Hole

Source: Internet Wire Publication date: 2002-06-13 NEWPORT BEACH, CA — (INTERNET WIRE) — 06/13/2002 — PivX Solutions, the creator of the patented and proprietary network intrusion security system Inviswall™ announced today that they have created a FREE Patch/FIX for the latest Microsoft® Internet Explorer™ security hole- Gopher Root Vulnerability[1]:(online.securityfocus.com/news/464) or (online.securityfocus.com/bid/4930/info) “It would not take many minutes to put up a gopher server with a Win32’rootkit’ as content, and then put an innocent but interesting … More

Apache Chunk Handling Roundup

Internet Security Systems and NGSSoftware found a security issue with chunk encoding in the popular Apache web server. The problems may lead to a remote compromise and denial of service. 1) Apache Chunk Handling advisories ISS Advisory “Remote Compromise Vulnerability in Apache HTTP Server” Brief description: ISS X-Force has discovered a serious vulnerability in the default version of Apache HTTP Server. Apache is the most popular Web server and is used on over half of … More

Intrusion SecureNet 2245 Prices Leading Network Intrusion Detection for Remote and Branch Offices

RICHARDSON, Texas–(BUSINESS WIRE)–June 17, 2002– With Intrusion SecureNet 2245, Enterprises Can Now Afford To Extend the Benefits and Security of Network Intrusion Detection to The Entire Wide-Area Network Extending its leading product line of appliance based network intrusion detection sensors, Intrusion Inc. (Nasdaq:INTZ), a leading provider of intrusion detection solutions for the information-driven economy, today announced the Intrusion SecureNet 2245 network intrusion detection sensor. The SecureNet 2245 sensor extends the reach of the Intrusion SecureNet … More

Roundup on BIND Denial of Service

Short description (from Incidents.org Handler’s Diary): There is a Denial of Service vulnerability in ISC Bind (versions 9 up to 9.2.1). When this is exploited by a remote attacker, the BIND server will abort and shut down. After this, you must manually restart BIND. By disabling BIND, other services which depend on BIND may also fail. More detailed description (from CERT Advisory CA-2002-15): A vulnerability exists in version 9 of BIND that allows remote attackers … More

World Class Internet Security Experts Join Qualys’ Technical Advisory Board

Board Brings Visionary Perspective to QualysGuard Platform Redwood Shores, Calif. – June 10, 2002 – Qualys™, Inc., the leader in Managed Vulnerability Assessment, announced at the 2002 Qualys Security Conference the inauguration of its Technical Advisory Board, to provide Qualys’ engineering team with regular counsel from eminent network security professionals. Members of the advisory board will provide strategic direction on long range design and development plans for the QualysGuard platform, Qualys’ automated, Web-based vulnerability assessment … More

Citadel Security Software Announces Launch of Authorized Technology Partner and Channel Partner Programs

Programs designed to broaden availability of Citadel software and enhance partner product features. Dallas, Texas, June 7, 2002 – Citadel Security Software Inc. (OTCBB: CDSS), announced today the launching of their Authorized Technology Partner and Channel Partner Programs. These comprehensive programs allow qualified system integrators, resellers and technology developers the opportunity to offer Citadel’s security products and/or integrate their technology with Citadel applications. The Technology Partner Program allows other security application developers and service providers … More

Security Advisories Week: 30 May – 6 June 2002

Title: Imap server buffer overflow Date: May 30 2002 Vendor: Mandrake Vulnerable systems: Mandrake Linux 7.1, 7.2, 8.1, 8.2, Corporate Server 1.0.1 Full advisory: Problem description: A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow. Title: Ftpd allows data connection hijacking via PASV … More

Security Advisories Week: 22-29 May 2002

Title: OpenServer popper buffer overflow and denial of service Date: May 22 2002 Vendor: Caldera Vulnerable systems: OpenServer 5.0.5 and OpenServer 5.0.6 Full advisory: Problem description: /etc/popper will go into a loop if a character string of length 2048 (or more) is sent to it. If the bulldir variable in the user’s config file is longer than 256 characters, popper will memory fault. Title: Remote buffer overflow in imap Date: May 24 2002 Vendor: Conectiva … More