Security Bytes

Jun 28 2007   8:34AM GMT

Morning security flaw report for June 28

Leigha Cardwell

Here are some of the latest vulnerability alerts, based on my Internet travels this morning:

Check Point flaws

The French Security Incident Response Team (FrSIRT) has issued two advisories about some security holes in Check Point products.

The first advisory is about a flaw attackers could exploit in Check Point’s Safe@Office appliances to execute arbitrary requests. “This issue is caused by input validation errors in the web interface that fails to properly validate HTTP requests, which could be exploited by attackers to bypass security restrictions and manipulate certain data by tricking an administrator into following a malicious URL,” FrSIRT said. It affects Check Point Safe@Office Appliances version 7.0.39x and prior and can be addressed by upgrading to Embedded NGX 7.0.45 GA.

The second advisory is about a flaw attackers could exploit in Check Point VPN-1 UTM Edge to execute arbitrary scripting code. “This issue is caused by unspecified input validation errors in the management interface that fails to properly validate HTTP requests, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user’s browser in the security context of an affected Web site,” FrSIRT said. Upgrading to the latest version fixes the problem.

Flaws in HP security products

HP has acknowledged flaws attackers could exploit in its Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX) to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

Secunia’s advisory has full details.
