
@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 50
December 18, 2006

Microsoft's critical vulnerabilities (#1-#3) head the list this week, but organizations that use Symantec's Veritas NetBackup (#4) or Sophos Anti-virus (#5) should deal with those flaws very soon as well. Also, Symantec users should go back and check to be sure they installed the patch that blocks the Big Yellow/Sagevo worm. The patch was released in May, but apparently many sites did not apply it.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Category                                  # of Updates & Vulnerabilities
Windows                                   9 (#2, #3, #6, #7, #8, #9)
Microsoft Office                          2 (#1)
Other Microsoft Products                  1
Third Party Windows Apps                  7 (#5)
Linux                                     10
Solaris                                   1
Cross Platform                            7 (#4, #10)
Web Application - Cross Site Scripting    7
Web Application - SQL Injection           7
Web Application                           32
Network Device                            1
Hardware                                  1

************************* Sponsored By SANS *****************************

Interested in enhancing your knowledge from a SANS training event? Your solution is the OnDemand Bundle for $379! An online training and assessment system that reinforces the concepts taught in the classroom. For more information email ondemand@sans.org or call (301) 654-7267.

*************************************************************************

TRAINING UPDATE: Great security courses in Orlando and San Diego -

Orlando: 15 immersion courses, January 13-19 http://www.sans.org/bootcamp07/

San Diego: 30 immersion courses, March 29-April 6 http://www.sans.org/sans2007/

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware

************************** Sponsored Links: ***************************

1) Rule #1- NOT Patching is NOT an option. To learn more, view this SANS Webcast: http://www.sans.org/info/2486

2) Do you like to study on your own schedule? Want to save money on travel costs? Check out SANS OnDemand online training and assessments. http://www.sans.org/info/2491

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Word Remote Code Execution (0day)
  • Affected:
    • Microsoft Word 2000/2002/2003 and possibly other versions
    • Microsoft Word X for Mac
  • Description: A new remote code execution vulnerability has been discovered in Microsoft Word. This flaw is distinct from the two reported in the last issue of @RISK (see below). A specially-crafted Word document could exploit this vulnerability to execute arbitrary code with the privileges of the current user. Note that on all versions of Word after Word 2000, Word documents do not open without prompting. A proof-of-concept for this vulnerability is publicly available.

  • Status: Microsoft has not confirmed, no updates available. Council Site actions: All of the reporting council sites are waiting on an update and confirmation from Microsoft. Several sites have issued warnings to their users regarding the receipt of unsolicited or unexpected Word documents, especially from unknown sources.

  • References:
  • (3) CRITICAL: Microsoft Windows Media Runtime Buffer Overflows (MS06-078)
  • Affected:
    • Microsoft Windows Media Format Runtime versions 7.1 through 9.5
  • Description: The Microsoft Windows Media Format Runtime, used to play Windows Media formatted data by many applications, including Windows Media Player, contains two buffer overflow vulnerabilities. Failure to properly handle malformed Advanced Systems Format (ASF) and Advanced Stream Redirector (ASX) files can lead to buffer overflows. An attacker could exploit these buffer overflows to execute arbitrary code with the privileges of the current user. Note that ASF and ASX files are opened without prompting by default. The ASX vulnerability was reported in a previous edition of @RISK.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: All council sites are responding to this vulnerability. They have either already started the update deployment process or plan to deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (6) MODERATE: Microsoft Visual Studio WMI Object Broker Remote Code Execution (MS06-073)
  • Affected:
    • Microsoft Visual Studio 2005 Standard and Professional Editions
    • Microsoft Visual Studio 2005 Team Suite
    • Microsoft Visual Studio 2005 Team Editions for Developers, Architects, and Testers
  • Description: A remote code execution vulnerability exists in the WMI Object Broker ActiveX control included with certain versions of Microsoft Visual Studio. A web page that instantiates this control could exploit this vulnerability to execute arbitrary code with the privileges of the current user by escaping the normal restrictions of the "Internet" security zone normally enforced on ActiveX controls instantiated by web pages. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID "7F5B7F63-F06F-4331-8A26-339E03C0AE3D". It is believed that this vulnerability is related to or the same as one discussed in an earlier edition of @RISK. That vulnerability is being actively exploited in the wild.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Most of the reporting council sites are responding to this vulnerability. They have either already started the deployment process or plan to deploy the update during their next regularly scheduled maintenance window.

  • References:
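The "kill bit" mitigation named in item (6) is a registry setting. The script below is an added example, not part of the bulletin or of Microsoft's own tooling: it sets the kill bit (Compatibility Flags = 0x400, Microsoft's documented mechanism) for the CLSID quoted above and verifies that it took effect. The function names are the example's own.

```powershell
# Added example (not from the @RISK bulletin): set the Internet Explorer
# "kill bit" for the WMI Object Broker control from item (6) so that web pages
# can no longer instantiate it. Run from an elevated PowerShell session.

$Clsid   = '{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}'   # CLSID quoted in the bulletin
$KillBit = 0x400                                      # COMPAT_KILL_BIT flag value
$KeyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

function Set-ActiveXKillBit {
    param([string]$Path, [int]$Flags)
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    $current = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    # Preserve any compatibility flags already present; OR in the kill bit.
    $new = [int]$current -bor $Flags
    Set-ItemProperty -Path $Path -Name 'Compatibility Flags' -Value $new -Type DWord
    return $new
}

function Test-ActiveXKillBit {
    param([string]$Path, [int]$Flags)
    $value = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (([int]$value -band $Flags) -eq $Flags)
}

Set-ActiveXKillBit -Path $KeyPath -Flags $KillBit | Out-Null
if (Test-ActiveXKillBit -Path $KeyPath -Flags $KillBit) {
    Write-Output "Kill bit set for $Clsid"
} else {
    Write-Output "Kill bit NOT set for $Clsid; check that the session is elevated"
}
```

On 64-bit Windows the same value is also needed under HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility for 32-bit Internet Explorer. The kill bit only stops web pages from loading the control; the MS06-073 update remains the fix.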
  • (7) MODERATE: Microsoft SNMP Service Memory Corruption Vulnerability (MS06-074)
  • Affected:
    • Microsoft Windows 2000 SP4
    • Microsoft Windows XP SP2
    • Microsoft Windows 2003
  • Description: The Microsoft SNMP service, used to manage Microsoft Windows systems via the Simple Network Management Protocol (SNMP), contains a memory corruption vulnerability. By sending a specially crafted SNMP request to the affected system, an attacker could exploit this vulnerability and execute arbitrary code with SYSTEM privileges. Note that the Microsoft SNMP service is not installed by default. Users are advised to block UDP port 161 at the network perimeter if possible, and to use secure SNMP community strings. A working exploit is available to members of Immunity Security's partners program.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Most of the reporting council sites are responding to this vulnerability. They have either already started the deployment process or plan to deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (8) MODERATE: Microsoft Outlook Express Windows Address Book Buffer Overflow (MS06-076)
  • Affected:
    • Outlook Express 5.5 SP2
    • Outlook Express 6
  • Description: Microsoft Outlook Express contains a buffer overflow vulnerability in the processing of Windows Address Book (WAB) files. These files are used to store addresses and other contact information. A specially-crafted WAB file could exploit this vulnerability and execute arbitrary code with the privileges of the current user. Note that WAB files are generally not configured to open without prompting.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Most of the reporting council sites are responding to this vulnerability. They have either already started the deployment process or plan to deploy the update during their next regularly scheduled maintenance window.

  • References:
  • (9) MODERATE: Microsoft Remote Installation Service File Access Vulnerability (MS06-077)
  • Affected:
    • Windows 2000 SP4
  • Description: The Microsoft Remote Installation Service, used to perform remote installations of the Windows operating system and other system components, contains an insecure file access configuration vulnerability. The directory storing the installable files is writable by default via the Trivial File Transfer Protocol (TFTP). An unauthenticated attacker could upload a malicious file to this directory via TFTP; this file would be subsequently installed on systems that use the Remote Installation Service. Note that systems would need to be configured to download the malicious file to be affected. Users are advised to block UDP port 69 at the network perimeter, if possible.

  • Status: Microsoft confirmed, updates available.

  • Council Site Actions: Only two of the reporting council sites are using the affected software. They plan to distribute the patch during their next regularly scheduled maintenance window.

  • References:
  • (10) MODERATE: BitDefender PE File Parsing Engine Integer Overflow
  • Affected:
    • BitDefender Antivirus and Antivirus Plus
    • BitDefender for ISA Server and MS Exchange
    • BitDefender Internet Security
    • BitDefender Mail Protection for Enterprises
    • BitDefender Online Scanner
  • Description: Multiple BitDefender products are vulnerable to an integer overflow in parsing packed PE (Portable Executable) files. Portable Executable files are the standard executable format on Microsoft Windows systems. Failure to properly handle certain malformed packed PE files can lead to an integer overflow and arbitrary code execution with the privileges of the scanning process.

  • Status: BitDefender confirmed, updates available. According to BitDefender's website, the update was distributed immediately via BitDefender's automatic update system, and no user interaction is required to install the update.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 50, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5308 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 06.50.1 - CVE: Not Available
  • Platform: Windows
  • Title: Sophos Anti-Virus Scanning Engine Veex.DLL Multiple Buffer Overflow Vulnerabilities
  • Description: Sophos Anti-Virus is an antivirus scanning engine available for Microsoft Windows. The application is exposed to multiple remote stack-based buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Versions prior to 2.4.0 are affected.
  • Ref: http://www.sophos.com/support/knowledgebase/article/17340.html

  • 06.50.2 - CVE: Not Available
  • Platform: Windows
  • Title: SiteKiosk About Prefix Zone-Bypass
  • Description: SiteKiosk is a public access terminal application. It is exposed to a zone bypass issue due to insufficient sanitization of user-supplied input to the "About" prefix. SiteKiosk versions prior to 6.5.150 are affected.
  • Ref: http://www.sitekiosk.com/th_support/versions/index.php3?id=39&PHPSESSID=774c42843698f37c24b9d0623b175932

  • 06.50.3 - CVE: CVE-2006-5578
  • Platform: Windows
  • Title: Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure
  • Description: Microsoft Internet Explorer is exposed to an information disclosure vulnerability when handling drag and drop operations under certain circumstances. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx

  • 06.50.4 - CVE: CVE-2006-5584
  • Platform: Windows
  • Title: Windows 2000 Remote Installation Service Remote Code Execution
  • Description: Microsoft Windows is prone to a remote code execution issue because the Remote Installation Services (RIS) enables a TFTP service on the server, allowing an anonymous user to overwrite existing operating system files. See the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-077.mspx

  • 06.50.5 - CVE: CVE-2006-2386
  • Platform: Windows
  • Title: Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution
  • Description: Microsoft Outlook Express is an email client available for various Microsoft platforms. It is exposed to a remote code execution issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, a specially-crafted address book could trigger this issue to execute arbitrary code in the Windows Address Book (WAB).
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-076.mspx

  • 06.50.6 - CVE: CVE-2006-4702
  • Platform: Windows
  • Title: Windows Media Player Remote ASF File Buffer Overflow
  • Description: Windows Media Player is prone to a buffer overflow vulnerability because it fails to properly bounds check user-supplied data contained in specially-crafted ASF (Advanced Streaming Format) multimedia files. Please see the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx

  • 06.50.7 - CVE: CVE-2006-5583
  • Platform: Windows
  • Title: Microsoft Windows SNMP Service Remote Code Execution
  • Description: The Simple Network Management Protocol (SNMP) allows administrators to remotely manage network devices. The Microsoft Windows SNMP service allows incoming SNMP requests to be serviced by the local computer. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-074.mspx

  • 06.50.8 - CVE: CVE-2006-5581
  • Platform: Windows
  • Title: Microsoft Internet Explorer DHTML Script Function Remote Code Execution
  • Description: Microsoft Internet Explorer is prone to a remote code execution vulnerability that is related to how the browser renders DHTML script functions on nonexistent DHTML elements. Please see the advisory for further details.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx

  • 06.50.9 - CVE: CVE-2006-5585
  • Platform: Windows
  • Title: Microsoft Windows Manifest File Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue because the software fails to properly process and manage file manifests. Microsoft Windows XP Service Pack 2 and Microsoft Windows Server 2003 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-075.mspx

  • 06.50.10 - CVE: CVE-2006-6456
  • Platform: Microsoft Office
  • Title: Microsoft Word Unspecified Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue because the application fails to handle maliciously crafted Microsoft Word files that contain excessive string values. Word 2000, 2002, 2003 and Word Viewer 2003 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/166700 http://www.securityfocus.com/bid/21518/info

  • 06.50.11 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Word Code Execution
  • Description: Microsoft Word is exposed to a remote code execution vulnerability because the application fails to handle maliciously crafted Microsoft Word files that contain excessive string values. This issue arises due to a memory corruption vulnerability.
  • Ref: http://www.securityfocus.com/bid/21589


  • 06.50.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Golden FTP Server Remote Denial of Service
  • Description: Golden FTP Server is exposed to a remote denial of service issue. This issue affects the "USER" command when an overly long string of 5000 bytes or more is processed. Version 1.92 is affected.
  • Ref: http://www.securityfocus.com/bid/21530

  • 06.50.14 - CVE: CVE-2006-5645
  • Platform: Third Party Windows Apps
  • Title: Multiple Trend Micro Antivirus RAR Archive Remote Denial of Service
  • Description: Trend Micro provides antivirus and software security applications. These applications are exposed to remote denial of service issues because they fail to properly handle file types, resulting in excessive consumption of system resources. Trend Micro Server Protect version 5.58, Trend Micro PC Cillin - Internet Security 2006 and Trend Micro Office Scan version 7.3 are affected.
  • Ref: http://www.trendmicro.com/en/home/us/home.htm

  • 06.50.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell Client NDPPNT.DLL Unspecified Buffer Overflow Vulnerability
  • Description: Novell Client is an application that enables NetWare service access from Microsoft Windows computers. It is prone to an unspecified buffer overflow issue when the NDPPNT.DLL library fails to perform adequate bounds checking on user-supplied data before copying it to an insufficiently sized buffer.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/2974843.html

  • 06.50.16 - CVE: CVE-2006-6423
  • Platform: Third Party Windows Apps
  • Title: MailEnable IMAP Service Unspecified Remote Buffer Overflow
  • Description: MailEnable is a mail server for the Microsoft Windows platform. It is prone to a buffer overflow vulnerability in the IMAP service because the application fails to properly bounds check unspecified user-supplied data. This issue is reported to affect the following MailEnable versions: 1.6-1.84 Professional Edition, 1.1-1.41 Enterprise Edition, 2.0-2.35 Professional Edition and 2.0-2.35 Enterprise Edition.
  • Ref: http://secunia.com/secunia_research/2006-73/advisory/

  • 06.50.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp iPod Plugin Audio Book File Handling Remote Denial of Service
  • Description: Winamp iPod Plugin is a plugin for Winamp that allows users to manage their iPod from the Winamp media library. This application is exposed to a remote denial of service issue because of an improper read operation when loading malformed audio book files. Winamp iPod Plugin versions 2.00p19 and earlier are vulnerable.
  • Ref: http://aluigi.altervista.org/adv/mlipodbof-adv.txt

  • 06.50.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hilgraeve HyperAccess Multiple Remote Command Execution Vulnerabilities
  • Description: Hilgraeve HyperACCESS is a terminal communications software suite for the Microsoft Windows operating system. The application is exposed to a remote command execution issue due to a design flaw which allows ".haw" session files to open without user interaction. Version 8.4 is affected.
  • Ref: http://www.securityfocus.com/bid/21594

  • 06.50.19 - CVE: CVE-2006-6564
  • Platform: Third Party Windows Apps
  • Title: FileZilla Server Null Pointer Dereference Denial of Service
  • Description: FileZilla Server is an FTP server. It is vulnerable to a denial of service issue because a NULL pointer dereference error occurs when malformed arguments are passed to the "STOR" command. FileZilla versions 0.9.21 and earlier are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558

  • 06.50.20 - CVE: CVE-2006-5649, CVE-2006-5871
  • Platform: Linux
  • Title: Linux Kernel Multiple Vulnerabilities
  • Description: The Linux kernel is exposed to multiple issues that allow attackers to cause a kernel panic because the alignment handler does not check for errors other than "-EFAULT". This allows attackers to carry out various attacks. Linux kernel versions 2.6.8 and prior are reported to be affected.
  • Ref: http://www.kernel.org/

  • 06.50.21 - CVE: CVE-2006-6107
  • Platform: Linux
  • Title: D-Bus Signals.C Local Denial of Service
  • Description: D-Bus is a message bus system that provides internal communication. It is vulnerable to a local denial of service issue due to an unspecified vulnerability in the "match_rule_equal()" function of the "signal.c" code. D-Bus versions 1.0.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21571

  • 06.50.22 - CVE: CVE-2006-4813
  • Platform: Linux
  • Title: Linux Kernel FS/Buffer.C Local Information Disclosure
  • Description: The Linux kernel is prone to a local information disclosure issue because the "__block_prepare_write" function in "fs/buffer.c" fails to properly clear kernel memory after certain errors, allowing attackers to read portions of unlinked files. Linux kernel versions prior to 2.6.13 are affected.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207463

  • 06.50.23 - CVE: CVE-2006-5875
  • Platform: Linux
  • Title: Enemies of Carlotta Shell Argument Command Execution
  • Description: Enemies of Carlotta is a mailing list manager. It is vulnerable to a command execution issue due to insufficient sanitization of user-supplied input. Meta character commands are invoked and executed in the context of the application. Enemies of Carlotta version 1.2.3 is vulnerable.
  • Ref: http://liw.iki.fi/lists/eoc@liw.iki.fi/msg00366.html

  • 06.50.24 - CVE: Not Available
  • Platform: Linux
  • Title: Fully Automated Installation Administrator Hashed Password Information Disclosure
  • Description: Fully Automated Installation (FAI) is a non interactive, scalable system to install a Debian GNU/Linux operating system on a PC cluster. An information disclosure issue occurs due to a design error in the affected application. Debian Linux 3.1 is affected.
  • Ref: http://www.informatik.uni-koeln.de/fai/

  • 06.50.25 - CVE: CVE-2006-5158
  • Platform: Linux
  • Title: Linux Kernel NFS LockD Dereference Remote Denial of Service
  • Description: The Linux kernel is vulnerable to a remote denial of service issue due to a null dereference when mixing "-olock" and "-onolock" on the same client. Linux kernel versions 2.6.15.4 and earlier are vulnerable.
  • Ref: http://www.kernel.org/

  • 06.50.26 - CVE: CVE-2006-5648
  • Platform: Linux
  • Title: Linux Kernel Robust_List Local Denial of Service
  • Description: The Linux kernel is prone to a denial of service issue. The problem occurs because of improper lock handling in the "sys_get_robust_list" and "sys_set_robust_list" functions on a PowerPC system.
  • Ref: http://www.securityfocus.com/bid/21582

  • 06.50.27 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Do_Coredump Security Bypass
  • Description: The Linux kernel is vulnerable to an issue that can allow local unauthorized attackers to modify certain files. This is due to a design error in the "do_coredump()" function of the "fs/exec.c" file. Linux kernel versions prior to 2.6.19.1 are vulnerable.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.1

  • 06.50.28 - CVE: CVE-2006-6474
  • Platform: Linux
  • Title: McAfee VirusScan For Linux Insecure DT_RPATH Remote Code Execution
  • Description: McAfee VirusScan For Linux is prone to a remote code execution vulnerability because the application incorrectly includes the current directory when it looks for a file. If the current directory contains a malicious Executable and Linkable Format (ELF) DSO file, then the affected application will perform a VirusScan on the file, triggering this issue. Version 4510e and prior are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21592/info

  • 06.50.29 - CVE: CVE-2006-6105
  • Platform: Linux
  • Title: GNOME Display Manager GDMChooser Local Format String
  • Description: GNOME Display Manager (GDM) is a utility harnessed by GNOME to manage various functions when interfacing with X. GDM is vulnerable to a local format string issue because it fails to properly sanitize user-supplied input to the "name" parameter. See the advisory for further details.
  • Ref: http://www.securityfocus.com/archive/1/454426

  • 06.50.30 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris LD.SO Multiple Local Vulnerabilities
  • Description: The Solaris "ld.so" component is prone to multiple vulnerabilities. A local directory traversal vulnerability resides in ld.so due to inadequate sanitization of user-supplied data in the "LANG" environment variable. A local stack-based buffer overflow vulnerability resides in the ld.so internal "doprf()" function due to inadequate bounds checking of precision padding characters when printing a numerical format specifier.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1&searchclause=

  • 06.50.31 - CVE: CVE-2006-5874
  • Platform: Cross Platform
  • Title: Clam Anti-Virus MIME Attachments Denial of Service
  • Description: Clam Anti-Virus (ClamAV) is an anti-virus application for Windows and UNIX like operating systems. It is exposed to a denial of service issue because it fails to handle certain file types. Specifically, the vulnerability exists when the application processes base64-encoded MIME attachments. This results in a NULL pointer dereference crashing the affected application. ClamAV versions prior to 0.88.4-2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/453968

  • 06.50.32 - CVE: CVE-2006-6379
  • Platform: Cross Platform
  • Title: CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow
  • Description: Computer Associates (CA) BrightStor ARCserve Backup products provide backup and restore protection for multiple platforms. They are affected by an unspecified remote buffer overflow vulnerability that may allow an attacker to execute arbitrary code on a vulnerable computer with SYSTEM privileges or cause a denial of service condition. Multiple products and versions are affected.
  • Ref: http://www3.ca.com/blogs/posting.aspx?id=90744&pid=96149&date=2006/12

  • 06.50.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Identity Manager Local Information Disclosure
  • Description: IBM Tivoli Identity Manager is an automated policy based user management solution. It is exposed to a local information disclosure issue that arises due to a design error. IBM Tivoli Identity Manager 4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/21570

  • 06.50.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Netwin SurgeFTP SurgeFTPMGR.CGI Multiple Input Validation Vulnerabilities
  • Description: Netwin SurgeFTP is prone to multiple input validation vulnerabilities. Version 2.3a1 is reportedly vulnerable. Please see the advisory for further information.
  • Ref: http://www.securityfocus.com/bid/21534

  • 06.50.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hewlett Packard Integrated Lights Out Remote Unauthorized Access
  • Description: The HP Integrated Lights Out firmware application is used to perform remote administration of HP computer hardware. It is prone to an unspecified remote unauthorized access vulnerability that exists when SSH key based authentication is used. Versions 2-1.11 and prior and versions 1-1.87 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21575

  • 06.50.36 - CVE: CVE-2006-6222, CVE-2006-5822, CVE-2006-4902
  • Platform: Cross Platform
  • Title: Symantec NetBackup BPCD Daemon Multiple Remote Vulnerabilities
  • Description: NetBackup is a network enabled backup solution from Symantec. It is prone to two buffer overflow issues and a privilege escalation vulnerability which affect the "bpcd" daemon. All builds and platforms of NetBackup Enterprise Server and client are vulnerable. NetBackup Server and client versions 5.0, 5.1, and 6.0 are also vulnerable.
  • Ref: http://www.symantec.com/avcenter/security/Content/2006.12.13a.html

  • 06.50.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ProFTPD Controls Module Local Buffer Overflow
  • Description: ProFTPD is an FTP server. It is exposed to a local stack based buffer overflow issue. The issue only exists when ProFTPD is compiled with "mod_ctrls" support and the module is enabled. ProFTPD version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21595

  • 06.50.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CMS Made Simple SearchInput Cross-Site Scripting
  • Description: CMS Made Simple is a content manager application. The application is exposed to a cross-site scripting issue due to improper sanitization of user-supplied input to the "searchinput" parameter of the "index.php" script. This issue affects version 0.10.2.
  • Ref: http://www.cmsmadesimple.org/

  • 06.50.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MaviPortal Arama.ASP Cross-Site Scripting
  • Description: MaviPortal is a web-based application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "a_r_a_n_a_c_a_k" parameter of the "arama.asp" script. All versions are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21512

  • 06.50.40 - CVE: CVE-2006-6420
  • Platform: Web Application - Cross Site Scripting
  • Title: JCE Admin Component for Joomla Multiple Cross Site Scripting Vulnerabilities
  • Description: JCE Admin Component for Joomla is a WYSIWYG editor. It is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input to the "img", "title", "w" and "h" parameters of the "jce.php" script. JCE Admin versions 1.1.0 beta 2 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21496

  • 06.50.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel BoxTrapper Manage.HTML Cross-Site Scripting
  • Description: cPanel BoxTrapper is an anti spam utility for cPanel. The application is exposed to a cross-site scripting issue due to improper sanitization of user-supplied input to the "account" parameter of the "manage.html" script. cPanel version 11 is affected.
  • Ref: http://www.securityfocus.com/bid/21497

  • 06.50.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Web Hosting Manager Multiple Cross-Site Scripting Vulnerabilities
  • Description: Web Hosting Manager is a server administration automation tool. It is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied URI data. Version 3.1.0 is affected.
  • Ref: http://www.cpanel.net/index.html

  • 06.50.43 - CVE: CVE-2006-6413
  • Platform: Web Application - Cross Site Scripting
  • Title: Amateras SNS Unspecified Cross-Site Scripting
  • Description: Amateras SNS (Simple News System) is a News Manager application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to unspecified parameters and scripts. Amateras SNS versions 3.11 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/21489

  • 06.50.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GenesisTrader Multiple Input Validation Vulnerabilities
  • Description: GenesisTrader is a file exchange application. The application is exposed to multiple input validation vulnerabilities due to insufficient sanitization of user-supplied input. GenesisTrader version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21595
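
The cross-site scripting entries above (MaviPortal, JCE Admin, cPanel BoxTrapper, Web Hosting Manager, Amateras SNS) all turn on a request parameter being reflected without escaping. The following Python is an added example written for this bulletin, not code from any of those products: it parses a few constructed Apache access-log lines that reuse the script and parameter names listed above and flags parameter values carrying XSS markers, undoing repeated percent-encoding first so a double-encoded payload is not missed. The log lines, client addresses and payloads are made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed Apache "combined" log lines. Script and parameter names follow the
# entries above; the addresses and payloads are made up for the example.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Dec/2006:10:01:02 +0000] "GET /arama.asp?a_r_a_n_a_c_a_k=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Dec/2006:10:01:09 +0000] "GET /jce.php?img=x%22%20onerror%3Dalert(1)&w=100&h=100 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Dec/2006:10:02:15 +0000] "GET /arama.asp?a_r_a_n_a_c_a_k=firewall HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Dec/2006:10:02:40 +0000] "GET /manage.html?account=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 200 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) \S+'
)

# Indicators checked against each decoded parameter value. The handler list is
# explicit on purpose: a bare "on[a-z]+=" would also fire on names such as "online=1".
XSS_PATTERNS = [
    ("script-tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
    ("event-handler", re.compile(r"\bon(error|load|click|mouseover|focus|submit)\s*=", re.I)),
    ("html-tag", re.compile(r"<\s*(iframe|img|svg|object|embed|body)\b", re.I)),
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C is seen as '<' just like %3C."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_target(target):
    """Return [(path, param, indicator)] for one request-line target."""
    parts = urlsplit(target)
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)
        for label, pattern in XSS_PATTERNS:
            if pattern.search(decoded):
                findings.append((parts.path, name, label))
                break
    return findings


def scan_log(text):
    """Parse access-log lines and return one dict per flagged parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for path, param, label in scan_target(m.group("target")):
            hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                         "path": path, "param": param, "indicator": label})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Three of the four constructed lines are flagged; the benign "firewall" search is not. The check only sees GET parameters that reached the access log, so POST bodies and requests blocked earlier are invisible to it, and the indicator list is a starting point rather than a complete XSS grammar.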

  • 06.50.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DUdirectory Multiple SQL Injection Vulnerabilities
  • Description: DUdirectory is a free link listing application implemented in ASP. The application is exposed to multiple SQL injection issues due to insufficient sanitization of user-supplied input before using it in SQL queries. DUware DUdirectory 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/21485

  • 06.50.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Fantastic News News.PHP SQL Injection
  • Description: Fantastic News is a web-based application implemented in PHP. The application is exposed to an SQL injection issue due to improper sanitization of user-supplied input before using it in an SQL query. Fantastic Scripts Fantastic News version 2.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/21450

  • 06.50.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AppIntellect SpotLight CRM Login.ASP SQL Injection
  • Description: AppIntellect SpotLight CRM is a web-based customer relationship management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied data to the username and password fields of the "login.asp" script. AppIntellect SpotLight CRM version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21521

  • 06.50.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HR Assist VdateUsr.ASP SQL Injection
  • Description: HR Assist is an application for human resources administration. It is prone to an SQL injection issue because it fails to properly sanitize user-supplied input to the "UserName" parameter of "vdateUsr.asp" before using it in an SQL query. HR Assist version 1.05 is affected and other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/21533

  • 06.50.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Lotfian Request For Travel ProductDetails.ASP SQL Injection
  • Description: Request For Travel is a web portal for leisure travel sites. It is implemented in ASP and VBScript. The application is exposed to an SQL injection issue due to insufficient sanitization of user-supplied data to the "PID" parameter of the "ProductDetails.asp" script before using it in an SQL query. Version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21536

  • 06.50.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasyFill Multiple Unspecified SQL Injection Vulnerabilities
  • Description: EasyFill is a content manager application. It is exposed to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied input to unspecified parameters and scripts before using it in an SQL query. EasyFill version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/21557
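
The SQL injection entries above share one cause: request values are spliced into query text before the database sees it. The SpotLight CRM "login.asp" case, with the username and password fields both injectable, is the classic login bypass. The block below is an added example written for this bulletin, not code from any of the vendors: it re-creates that pattern in Python against an in-memory SQLite table and puts the parameterized query beside it. The table, rows and credentials are constructed for the example, and passwords are kept in plaintext only so the focus stays on how the query is built.

```python
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "correct-horse", "admin"), ("alice", "battery-staple", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The shape behind the entries above: form fields pasted into the SQL text.

    A value such as  admin' --  closes the string literal and comments out the
    password check; x' OR '1'='1 in both fields makes the WHERE clause always true."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username, password):
    """Bound parameters: the driver sends values separately, so quotes, comment
    markers and OR clauses in the input are compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("admin", "correct-horse"), ("admin' --", "wrong"),
                     ("x' OR '1'='1", "x' OR '1'='1")]:
        print(repr(user), "vulnerable:", login_vulnerable(db, user, pw),
              "parameterized:", login_parameterized(db, user, pw))
```

The same two injected strings log in as the first row through the concatenated query and are rejected by the parameterized one; the ASP and PHP applications listed above need the equivalent (ADO command parameters, mysqli or PDO prepared statements) in every script that touches the database, not only the login page. A real login also compares password hashes rather than stored plaintext.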


  • 06.50.52 - CVE: Not Available
  • Platform: Web Application
  • Title: Mantis Custom Fields Information Disclosure
  • Description: Mantis is a web-based bug tracking system. It is prone to an information disclosure vulnerability due to an unspecified error when handling "custom" fields. Versions prior to 1.1.0a2 are reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/21566

  • 06.50.53 - CVE: Not Available
  • Platform: Web Application
  • Title: ProNews Multiple Input Validation Vulnerabilities
  • Description: ProNews is a web-based application. It is exposed to multiple input validation issues due to improper sanitization of user-supplied input. ProNews version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/21516

  • 06.50.54 - CVE: Not Available
  • Platform: Web Application
  • Title: ProNews Change.PHP Authentication Bypass
  • Description: ProNews is a web-based application. It is vulnerable to an authentication bypass issue due to insufficient authentication checking in the "admin/change.php" script. ProNews version 1.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21559

  • 06.50.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Messageriescripthp Multiple Input Validation Vulnerabilities
  • Description: Messageriescripthp is a message system. It is prone to multiple input validation issues because it fails to sufficiently sanitize user-supplied data to various parameters of various scripts. Messageriescripthp version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/21513

  • 06.50.56 - CVE: Not Available
  • Platform: Web Application
  • Title: KDPics Multiple Input Validation Vulnerabilities
  • Description: KDPics is a web-based photo album application implemented in PHP. The application is exposed to multiple input validation issues due to improper sanitization of user-supplied input. KDPics version 1.16 and prior are affected.
  • Ref: http://www.kdland.org/kdpics/

  • 06.50.57 - CVE: Not Available
  • Platform: Web Application
  • Title: MidiCart PHP Multiple Input Validation and Authentication Bypass Vulnerabilities
  • Description: MidiCart PHP is an ecommerce application. It is exposed to an input validation issue because it fails to sufficiently sanitize user-supplied data to the "Qty" field of the "View Cart" feature before calculating price totals. An authentication bypass also affects the "/admin/add.php" script, which fails to authenticate the requester before granting access to the page, allowing arbitrary script code to be uploaded to the "/images" directory.
  • Ref: http://www.securityfocus.com/bid/21500

  • 06.50.58 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB Toplist Multiple HTML Injection Vulnerabilities
  • Description: phpBB Toplist is a rating application implemented in PHP. The application is exposed to multiple HTML injection issues due to improper sanitization of user-supplied input before using it in dynamically generated content. The vulnerabilities affect the "name" and "information" fields of the "Toplist.php" script. Version 1.3.7 is affected.
  • Ref: http://www.phpbb.com/

  • 06.50.59 - CVE: Not Available
  • Platform: Web Application
  • Title: JCE Admin Component for Joomla Multiple Local File Include Vulnerabilities
  • Description: JCE Admin Component for Joomla is a WYSIWYG editor based on Moxiecode's TinyMCE. The application is exposed to multiple local file inclusion issues due to improper sanitization of user-supplied input to the "plugin" and "file" parameters of the "jce.php" script. JCE Admin versions 1.1.0 beta 2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/21491

  • 06.50.60 - CVE: CVE-2006-6442
  • Platform: Web Application
  • Title: AOL CDDBControl ActiveX Control Buffer Overflow
  • Description: AOL CDDBControl ActiveX control is exposed to a stack-based buffer overflow issue because the software fails to check user-supplied input before copying it into insufficiently sized memory buffers. This issue affects AOL version 7.0 revision 4114.563, AOL version 8.0 revision 4129.230 and AOL version 9.0 Security Edition revision 4156.910.
  • Ref: http://secunia.com/secunia_research/2006-69/advisory/

  • 06.50.61 - CVE: Not Available
  • Platform: Web Application
  • Title: MXBB NewsSuite Module Newssuite_Constants.PHP Remote File Include
  • Description: The NewsSuite module for the mxBB bulletin board is a news application. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mx_root_path" parameter of the "newssuite_constants.php" script. NewsSuite version 1.5 is vulnerable and other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21573

  • 06.50.62 - CVE: Not Available
  • Platform: Web Application
  • Title: MXBB KB_Mods Module KB_Constants.PHP Multiple File Include Vulnerabilities
  • Description: kb_mods is a knowledge base module for the mxBB bulletin board; it is implemented in PHP. The "kb_constants.php" script is prone to several issues. Version 2.0.2 is reportedly vulnerable. Please see the advisory for further issues.
  • Ref: http://www.securityfocus.com/bid/21577

  • 06.50.63 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpAlbum Language.php Local File Include
  • Description: PhpAlbum is a web-based photo album. It is exposed to a local file include issue due to improper sanitization of user-supplied input to the "pa_lang" parameter of the "language.php" script. PhpAlbum version 0.4.1 Beta 6 is affected.
  • Ref: http://www.phpalbum.net/

  • 06.50.64 - CVE: Not Available
  • Platform: Web Application
  • Title: MXBB Profile Control Panel Module Remote File Include
  • Description: The mxBB Profile Control Panel module is an administration panel for the mxBB bulletin board. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "module_root_path" parameter of the "profilcp_constants.php" script. mxBB Profile Control Panel Module version 0.91c is affected.
  • Ref: http://www.securityfocus.com/bid/21520

  • 06.50.65 - CVE: Not Available
  • Platform: Web Application
  • Title: TorrentFlux Downloaddetails.PHP Directory Traversal
  • Description: TorrentFlux is a web-based torrent client written in PHP. TorrentFlux is prone to a directory traversal issue due to improper sanitization of user-supplied input to the "alias" parameter of the "downloaddetails.php" script. TorrentFlux version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21525

  • 06.50.66 - CVE: Not Available
  • Platform: Web Application
  • Title: TorrentFlux Maketorrent.PHP Remote Command Execution
  • Description: TorrentFlux is a web-based torrent client. The application is exposed to a command execution issue due to insufficient sanitization of user-supplied input to the "announce" parameter of the "maketorrent.php" script. TorrentFlux version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21526/info
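
The TorrentFlux "maketorrent.php" entry above is a command injection: a request value, the "announce" URL, ends up inside a command handed to a shell. The advisory does not say which program is invoked, so the added example below (not TorrentFlux code) uses echo as a stand-in and shows in Python the difference between a command string assembled by concatenation and an argv list, with an allow-list check on the announce value as a second layer. The tracker URL and the injected payload are constructed.

```python
import re
import subprocess

# Assumed shape of an acceptable tracker URL: scheme, host, optional port, simple
# path. Spaces, quotes and shell metacharacters (; | & ` $ ( ) < >) cannot match.
ANNOUNCE_RE = re.compile(r"^(https?|udp)://[A-Za-z0-9.-]+(:\d{1,5})?(/[A-Za-z0-9._~%/-]*)?$")


def validate_announce(announce):
    """Return announce unchanged if it is a plain tracker URL, else raise ValueError."""
    if len(announce) > 512 or not ANNOUNCE_RE.match(announce):
        raise ValueError("invalid announce URL")
    return announce


def run_shell_string(announce):
    """The vulnerable shape: command text built by concatenation, executed by a shell.
    'echo' stands in for the real torrent-creation tool, which the advisory does not name."""
    completed = subprocess.run("echo " + announce, shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def run_argv(announce):
    """No shell involved: the value is one argv element, so ';' and friends are
    ordinary characters that reach the program unchanged."""
    completed = subprocess.run(["echo", announce], capture_output=True, text=True)
    return completed.stdout


def run_hardened(announce):
    """Both layers: refuse anything that is not a tracker URL, then run without a shell."""
    return run_argv(validate_announce(announce))


if __name__ == "__main__":
    payload = "http://tracker.example/announce; echo INJECTED"
    print("shell string :", repr(run_shell_string(payload)))
    print("argv list    :", repr(run_argv(payload)))
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened     :", exc)
```

With the shell string the payload produces two lines of output, the second being the attacker's command; the argv form prints the payload literally. PHP has the same split: exec() and system() with a concatenated string are the shell-string case, and escapeshellarg() on every request-derived argument is the minimum when a shell cannot be avoided. Validation on its own is not enough, because an allow-list written for one tool tends to drift, but it gives a clean rejection before anything runs.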

  • 06.50.67 - CVE: Not Available
  • Platform: Web Application
  • Title: dadaIMC Default .HTAccess Configuration Arbitrary File Upload
  • Description: dadaIMC is a content management system. The application is exposed to an arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. dadaIMC versions 0.99.3 and earlier are vulnerable.
  • Ref: www.dadaimc.org

  • 06.50.68 - CVE: CVE-2006-6482,CVE-2006-6483
  • Platform: Web Application
  • Title: ColdFusion Multiple Input Validation Vulnerabilities
  • Description: Adobe ColdFusion is an application server and software development framework used for creating dynamic web-based content. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied data to various scripts. Adobe ColdFusion MX7 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21532

  • 06.50.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Winamp Web Interface Multiple Remote Vulnerabilities
  • Description: Winamp Web Interface is an open source plugin for Winamp that allows users to access Winamp through a browser. The application is exposed to multiple remote issues due to insufficient sanitization of user-supplied data. Winamp Web Interface version 7.5.13 is affected.
  • Ref: http://www.securityfocus.com/bid/21539

  • 06.50.70 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM WebSphere Host On-Demand Authentication Bypass
  • Description: IBM WebSphere Host On-Demand is a product that is included with the IBM Host Access Client package and the IBM WebSphere Host Integration Solution package. It is exposed to an authentication bypass issue because the application fails to properly authenticate users when they attempt to access several web pages containing Java applets. IBM WebSphere Host On-Demand versions 6.0, 7.0, 8.0 and 9.0 are affected.
  • Ref: http://www-306.ibm.com/software/webservers/hostondemand/

  • 06.50.71 - CVE: Not Available
  • Platform: Web Application
  • Title: MXBB ErrorDocs Module Module_Root_Path Remote File Include
  • Description: The mxBB ErrorDocs module for the mxBB bulletin board is vulnerable to a remote file include vulnerability due to insufficient sanitization of user-supplied input to the "module_root_path" parameter of the "common.php" script. mxBB ErrorDocs module version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21543

  • 06.50.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Barman Interface.PHP Remote File Include
  • Description: Barman is a web-based application. It is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "basePath" parameter of the "interface.php" script. Barman version 0.0.1r3 is affected.
  • Ref: http://www.securityfocus.com/bid/21544

  • 06.50.73 - CVE: CVE-2006-5767
  • Platform: Web Application
  • Title: Blog:CMS NP_UserSharing.PHP Remote File Include
  • Description: Blog:CMS is a content management system implemented in PHP. The application is exposed to a remote file include issue due to improper sanitization of user-supplied input to the "DIR_ADMIN" parameter of the "NP_UserSharing.php" script. Blog:CMS version 4.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/21551

  • 06.50.74 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenLDAP Server Kerberos 4 Bind Request Buffer Overflow
  • Description: OpenLDAP is a freely available LDAP (Lightweight Directory Access Protocol) client and server suite. The OpenLDAP server is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied input in Kerberos 4 bind requests. OpenLDAP versions 2.4.3 and earlier are vulnerable.
  • Ref: http://www.phreedom.org/solar/exploits/openldap-kbind/ http://www.openldap.org/

  • 06.50.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Work System ECommerce Forum.PHP Remote File Include
  • Description: Work system e-commerce is a content management system. It is exposed to a remote file include issue due to insufficient sanitization of user-supplied input to the "g_include" parameter of the "/work/module/forum/forum.php" script. Work system e-commerce versions 3.0.4 and 3.0.3 are affected.
  • Ref: http://sourceforge.net/projects/worksystem/

  • 06.50.76 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyCMS Basic.Inc.PHP Remote File Include
  • Description: phpMyCMS is a content management system. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "basepath_start" parameter of the "path/basic.inc.php" script. phpMyCMS version 0.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/21583

  • 06.50.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Netscape Browser Address Denial of Service
  • Description: Netscape Browser is exposed to a denial of service issue as the application fails to properly handle invalid user-supplied URLs. Netscape Browser version 8.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/21586/info

  • 06.50.78 - CVE: Not Available
  • Platform: Web Application
  • Title: w00t Gallery Index.PHP Remote Authentication Bypass
  • Description: w00t Gallery is a web-based photo gallery. It is prone to a remote authentication bypass vulnerability due to a failure in the application to properly verify authentication credentials in the "index.php" script. w00t Gallery version 1.4.0 is affected and prior versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/21590

  • 06.50.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Multiple Input Validation Vulnerabilities
  • Description: Moodle is an open source course management system. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. Moodle versions 1.6.1 and earlier are vulnerable.
  • Ref: http://moodle.org/

  • 06.50.80 - CVE: CVE-2006-4099
  • Platform: Web Application
  • Title: Drupal Chat Room Session Hijacking and Information Disclosure Vulnerabilities
  • Description: Drupal Chat Room is a chat room module for the Drupal content management system. It is exposed to a session hijacking issue and an information disclosure issue because the application displays private messages in the "last message" section, which is accessible to all members of the chat room. Drupal Chatroom 4.7.0-1.0-dev is affected.
  • Ref: http://drupal.org/node/102614

  • 06.50.81 - CVE: Not Available
  • Platform: Web Application
  • Title: ThinkEdit Render.PHP Remote File Include
  • Description: ThinkEdit is a content management system. It is exposed to a remote file include issue due to improper sanitization of user-supplied input to the "template_file" parameter of the "/design/thinkedit/render.php" script. ThinkEdit version 1.9.2 is affected.
  • Ref: http://www.thinkedit.org/think/
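
The file include and directory traversal entries in this issue (JCE Admin "plugin" and "file", PhpAlbum "pa_lang", TorrentFlux "alias", the mxBB NewsSuite, KB_Mods, Profile Control Panel and ErrorDocs modules, Barman "basePath", Blog:CMS "DIR_ADMIN", Work System "g_include", phpMyCMS "basepath_start" and ThinkEdit "template_file") describe the same bug: a request value becomes part of an include or file path. In PHP of this period the usual shape is an include() whose path prefix comes from a variable that register_globals lets the request set, which is why so many of the parameters are named "*_root_path" or "basePath"; when the PHP configuration allows URL includes, the prefix can be a URL and the include becomes remote. The following Python is an added example, not code from any of these projects: a containment check for a parameter that must select a file, and an allow-list for a selector such as a language code. The root directory and language set are hypothetical.

```python
import posixpath
import re

# Hypothetical layout: the advisories name the parameters, not the directories.
PLUGIN_ROOT = "/srv/www/app/plugins"
AVAILABLE_LANGS = {"en", "de", "tr", "pt_BR"}
LANG_RE = re.compile(r"^[a-z]{2}(_[A-Z]{2})?$")


def resolve_under(root, user_value):
    """Map a request-supplied relative path onto a file strictly below root, or return None.

    Refuses remote and wrapper locations (RFI), absolute paths, NUL bytes, backslashes
    and anything that still escapes root after normalisation (LFI / traversal)."""
    if not user_value or "\x00" in user_value:
        return None
    if ":" in user_value or "\\" in user_value:
        return None          # http://, ftp://, php://, data: ... and Windows separators
    if posixpath.isabs(user_value):
        return None          # /etc/passwd and //host/share alike
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, user_value))
    if not candidate.startswith(root + "/"):
        return None          # "..", "." and every traversal variant land here
    return candidate


def pick_language(user_value):
    """Allow-list variant for a selector such as pa_lang: the value chooses an entry
    in a fixed set and is never used to build a path at all."""
    if user_value and LANG_RE.match(user_value) and user_value in AVAILABLE_LANGS:
        return user_value
    return "en"


if __name__ == "__main__":
    for value in ["editor/plugin.php", "../../../../etc/passwd",
                  "editor/../../../etc/passwd", "http://attacker.example/shell.txt",
                  "php://filter/convert.base64-encode/resource=config.php",
                  "/etc/passwd", "editor/plugin.php\x00.jpg"]:
        print(repr(value), "->", resolve_under(PLUGIN_ROOT, value))
    print(pick_language("pt_BR"), pick_language("../../etc/passwd"))
```

The check is lexical, so it must run on the value after the web server has URL-decoded it once and nothing may decode it again afterwards; on a tree that contains symlinks, resolve the candidate with os.path.realpath and repeat the prefix test. The allow-list form is preferable wherever the set of legitimate values is known, and the root cause in the PHP cases, include paths derived from request data, is best removed outright by hard-coding the prefix and running with register_globals off.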

  • 06.50.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Help Tip Unspecified Multiple Input Validation Vulnerabilities
  • Description: Drupal Help Tip is a module that adds help messages and tips to pages in Drupal CMS. It is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. It is also prone to multiple cross-site scripting issues because "Node titles" are not sanitized prior to being rendered in "block titles". Drupal Help Tip versions prior to 4.7.x-1.0 are affected.
  • Ref: http://drupal.org/node/102605

  • 06.50.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Bluetrait Multiple Unspecified SQL Injection Vulnerabilities
  • Description: Bluetrait is a web log application. It is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in an SQL query. Bluetrait versions 1.1.0 and 1.1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/21553

  • 06.50.84 - CVE: CVE-2006-6305
  • Platform: Network Device
  • Title: Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass
  • Description: The Net-SNMP package provides tools and libraries relating to the Simple Network Management Protocol. This application is exposed to a security restriction bypass issue. Net-SNMP version 5.3 is affected.
  • Ref: http://www.net-snmp.org/

  • 06.50.85 - CVE: Not Available
  • Platform: Hardware
  • Title: D-Link DWL-2000AP+ ARP Handling Multiple Remote Denial of Service Vulnerabilities
  • Description: D-Link DWL-2000AP+ is an 802.11b-compatible wireless access point. The device is exposed to denial of service issues in its handling of ARP traffic. DWL-2000AP+ firmware version 2.11 is affected.
  • Ref: http://www.securityfocus.com/bid/21541

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.