@RISK: The Consensus Security Vulnerability Alert

Volume: VI, Issue: 39
September 24, 2007

A backup product is once again on the "critical list" and again it is CA's ARCServe. A big problem is that many people think backup software patches itself automatically. It doesn't. If you use ARCServe, quick action is really important. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------- -------------------------------------
    Other Microsoft Products                  3
    Third Party Windows Apps                  17 (#1, #4, #7, #9, #10, #11)
    Linux                                     4
    HP-UX                                     1
    BSD                                       1
    Cross Platform                            16 (#2, #3, #5, #6, #8)
    Other                                     1 (#12)
    Web Application - Cross Site Scripting    7
    Web Application - SQL Injection           8
    Web Application                           24

************************* Sponsored By SANS ********************************

Team with your Security, Operations and Help Desk Managers and attend the Data Leakage and Insider Threat Summit, December 3-4. Listen to the hard 'lessons learned' from other companies and agencies who have deployed data leakage prevention programs. Learn what software and hardware solutions are available and see how others have used them. http://www.sans.org/info/16991

****************************************************************************

TRAINING UPDATE
Where can you find Hacker Exploits, Security Essentials and SANS' other top-rated courses?
New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
Washington DC (12/13-12/18): http://www.sans.org/london07/
Chicago (11/2-11/7): http://www.sans.org/chicago07/event.php
Tokyo (11/5-11/10): http://www.sans.org/sanstokyo2007_autumn/event.php
London (11/26 - 12/1): http://www.sans.org/london07/
Plus in 100 other cities and even on-line at your convenience.
How good are the courses? Here's what past attendees said:
"An extraordinary amount of information covered in a week, backed up with excellent documentation for those long winter nights." (Keith Mellism, Canada Life)
"This course has valuable information that can be implemented immediately in the work place." (Christopher O'Brien, Booz Allen Hamilton)
"You will never ever find anything more valuable than SANS super knowledge. Worth the price!!" (Carlos Fragoso, CESCA)

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
BSD
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: IBM Tivoli Storage Manager Multiple Vulnerabilities
  • Affected:
    • IBM Tivoli Storage Manager and Storage Manager Express Clients versions 5.1 through 5.4
  • Description: IBM Tivoli Storage Manager is IBM's enterprise storage management solution. The client component of this application contains multiple vulnerabilities. A flaw in the Client Acceptor Daemon (CAD) can lead to a buffer overflow. Successfully exploiting this buffer overflow could lead to an attacker executing arbitrary code with the privileges of the vulnerable process. Additionally, an undisclosed flaw in the scheduling component can lead to data disclosure and possibly other vulnerabilities. Some technical details for the buffer overflow vulnerabilities are publicly available.

  • Status: IBM confirmed, updates available.

  • References:
  • (3) HIGH: OpenOffice.org TIFF Image Parsing Integer Overflow
  • Affected:
    • OpenOffice.org versions prior to 2.3
  • Description: OpenOffice.org is a popular cross-platform open source office suite. OpenOffice.org fails to properly handle certain malformed Tagged Image File Format (TIFF) image files. A specially crafted TIFF image file could lead to an integer overflow. Successfully exploiting this overflow could lead to arbitrary code execution with the privileges of the current user. Note that this vulnerability may be exploited by image files embedded in other documents; such documents may be opened in OpenOffice.org without first prompting the user. OpenOffice.org is installed by default on many Unix, Unix-like, and Linux operating systems, and is commonly installed on Microsoft Windows systems. Technical details for this vulnerability are available via source code analysis.

  • Status: OpenOffice.org confirmed, updates available.

  • References:
  • (4) HIGH: Sun Java Web Start ActiveX Control Buffer Overflow
  • Affected:
    • Sun Java Runtime Environment versions 1.6.0 and prior
  • Description: Sun Java Web Start is a method of distributing Java-based applications via the web. Facilities for using Web Start are included in the Sun Java Runtime Environment. On Microsoft Windows, these facilities include an ActiveX control. This ActiveX control contains a buffer overflow in its "dnsResolve" method. A specially crafted web page that instantiates this control could exploit this vulnerability to execute arbitrary code with the privileges of the current user. The Sun Java Runtime Environment is very often installed on Microsoft Windows systems. A proof-of-concept for this vulnerability is publicly available.

  • Status: Sun has not confirmed, no updates available. Users can partially mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID "5852F5ED-8BF4-11D4-A245-0080C6F74284". Note that this will disable normal application functionality.

  • References:
  • (6) MODERATE: VMware Workstation DHCP Server Multiple Vulnerabilities
  • Affected:
    • VMware Workstation versions prior to 6.0.1 build 55017
  • Description: VMware Workstation, VMware's popular virtualization product, contains multiple vulnerabilities in its Dynamic Host Configuration Protocol (DHCP) server, used to dynamically configure clients' network settings. A specially crafted DHCP request or web page could exploit these vulnerabilities to execute arbitrary code with the privileges of the vulnerable process. The exact exploitation vectors are currently undisclosed.

  • Status: VMware confirmed, updates available.

  • References:
  • (7) MODERATE: Pegasus Mercury/32 IMAP Server SEARCH Command Buffer Overflow
  • Affected:
    • Pegasus Mercury/32 version 4.52 and prior
  • Description: Pegasus Mercury/32 IMAP is a popular IMAP server for Microsoft Windows. The server fails to properly handle overlong IMAP SEARCH commands. A specially crafted IMAP SEARCH command could trigger a buffer overflow and allow an authenticated user to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). A proof-of-concept for this vulnerability is publicly available. Note that an attacker would need valid login credentials to exploit this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • References:
Other Software
  • (9) HIGH: Ipswitch IMail SMTP Buffer Overflow
  • Affected:
    • Ipswitch IMail Server versions 8.01 - 8.11
  • Description: Ipswitch IMail, a popular mail server for Microsoft Windows, contains a buffer overflow vulnerability in its Simple Mail Transport Protocol (SMTP) module. An email transiting a vulnerable server would be able to exploit this buffer overflow to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). A proof-of-concept and full technical details for this vulnerability are publicly available.

  • Status: Ipswitch has not confirmed, no updates available.

  • References:
  • (10) MODERATE: NetSupport Manager Client Authentication Bypass Vulnerability
  • Affected:
    • NetSupport Manager Client versions prior to 10.20.0004
  • Description: NetSupport Manager, a popular desktop support package, contains an authentication bypass vulnerability in its client application. An attacker could exploit this vulnerability to access and completely take control of a vulnerable system without authentication. No further technical details are available for this vulnerability.

  • Status: NetSupport confirmed, updates available.

  • References:
  • (11) MODERATE: MW6 Technologies QRCode ActiveX Control Multiple Vulnerabilities
  • Affected:
    • MW6 Technologies QRCode ActiveX control version 3.0 and prior
  • Description: MW6 Technologies provides popular software for the reading and encoding of barcodes and barcoded data. The QRCode ActiveX control provides access to these capabilities as an ActiveX component. This control contains multiple arbitrary file creation and overwriting vulnerabilities. A specially crafted web page that instantiates this control could trigger one of these vulnerabilities and overwrite arbitrary files on the system with the privileges of the current user. Depending on which files are overwritten, remote code execution or other exploit conditions may result. A proof-of-concept for this vulnerability is publicly available.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism for CLSID 3BB56637-651D-4D1D-AFA4-C0506F57EAF8.

  • References:
  • (12) LOW: Alcatel-Lucent OmniPCX Unified Maintenance Tool Remote Command Execution
  • Affected:
    • Alcatel-Lucent OmniPCX Enterprise versions R7.1 and prior
  • Description: The Alcatel-Lucent OmniPCX Unified Maintenance Tool is used by telephony support technicians to monitor and display information about telephony systems. This tool provides a web-based interface to its functionality. A specially crafted request to this web interface can result in arbitrary commands being executed with the privileges of the web server process. A proof-of-concept and full technical details are available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
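The "kill bit" mitigation recommended for items (4) and (11) above, as an added example that is not part of the bulletin: it sets the Internet Explorer ActiveX Compatibility flag described in Microsoft KB 240797 for the two CLSIDs quoted in those items and then verifies the result. It assumes an elevated PowerShell session; the Wow6432Node path is included because 32-bit IE on 64-bit Windows reads that hive.

```powershell
# Added example (not from the @RISK bulletin): set and verify the IE ActiveX kill bit
# for the two CLSIDs named in Part I items (4) and (11). Run from an elevated prompt.
$clsids = @(
    '{5852F5ED-8BF4-11D4-A245-0080C6F74284}',  # Sun Java Web Start control, item (4)
    '{3BB56637-651D-4D1D-AFA4-C0506F57EAF8}'   # MW6 QRCode control, item (11)
)

# Native hive plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$bases = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

$KillBit = 0x400   # KB 240797: bit 0x400 in "Compatibility Flags" blocks instantiation

foreach ($base in $bases) {
    if (-not (Test-Path $base)) { continue }   # Wow6432Node absent on 32-bit Windows
    foreach ($clsid in $clsids) {
        $key = Join-Path $base $clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Preserve any flags already present and OR in the kill bit.
        $existing = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $existing) { $existing = 0 }
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($existing -bor $KillBit) -Type DWord
    }
}

# Verification pass: report each CLSID under each hive that exists.
foreach ($base in $bases) {
    if (-not (Test-Path $base)) { continue }
    foreach ($clsid in $clsids) {
        $flags = (Get-ItemProperty -Path (Join-Path $base $clsid)).'Compatibility Flags'
        $state = if (($flags -band $KillBit) -ne 0) { 'kill bit set' } else { 'kill bit NOT set' }
        Write-Output ("{0}  {1}  {2}" -f $base, $clsid, $state)
    }
}
```

As the bulletin notes for item (4), setting the kill bit also disables the control's legitimate use in IE, so apply it via your normal change process and remove it once the vendor update is deployed.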
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 39, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 07.39.1 - CVE: CVE-2007-4916
  • Platform: Other Microsoft Products
  • Title: Microsoft MFC Library CFileFind::FindFile Buffer Overflow
  • Description: The CFileFind::FindFile method in the MFC library for Microsoft Windows is exposed to a buffer overflow issue due to a failure of the method to perform adequate boundary checks of user-supplied input. The MFC library included with Microsoft Windows XP SP2 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/611008

  • 07.39.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
  • Description: Microsoft Process Monitor is a utility designed to allow users to monitor various system events in real time for Microsoft Windows operating systems. It was originally developed by SysInternals. The application is exposed to multiple local issues. Process Monitor version 1.22 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft RegMon SSDT Hooks Multiple Local Vulnerabilities
  • Description: Microsoft RegMon is a utility designed to allow users to monitor various registry-modification and access events in real time for Microsoft Windows operating systems. It was originally developed by SysInternals. The application is exposed to multiple local issues. RegMon version 7.04 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple HP Products hpqutil.dll ActiveX Control Heap Buffer Overflow
  • Description: HP All-in-One Series Web Release and HP Photo and Image Gallery are exposed to a heap-based buffer overflow issue because the applications fail to perform adequate boundary checks on user-supplied data.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.39.5 - CVE: CVE-2007-0326
  • Platform: Third Party Windows Apps
  • Title: PhotoChannel Networks Photo Upload Plugin ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: Photo Upload Plugin ActiveX control from PhotoChannel Networks Inc. is a photograph uploading utility designed for providers of photo services. The ActiveX control is exposed to multiple buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied data. Photo Upload Plugin versions prior to 2.0.0.10 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/854769

  • 07.39.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Media Player Classic Remote Malformed Video File Remote Denial of Service
  • Description: Media Player Classic is a multimedia-playback application for the Microsoft Windows operating system. The application is exposed to a remote denial of service issue because the application fails to handle malformed video files with the length of the file set to zero. Media Player Classic versions prior to 6.4.9.2 are affected.
  • Ref: http://www.securityfocus.com/bid/25686

  • 07.39.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: MW6 Technologies QRCode ActiveX is an ATL-based control used for handling QRCode 2D barcodes. The control is exposed to multiple arbitrary file overwrite issues because it fails to sanitize user-supplied input to the "SaveAsBMP" and "SaveAsWMF" methods of the "MW6QRCode.dll" library. QRCode ActiveX version 3.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.39.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
  • Description: G DATA Internet Security is a personal security suite for Microsoft Windows operating systems. The application is exposed to multiple local issues. Specifically, the application's kernel-mode driver used for hooking the SSDT (System Service Dispatch Table) fails to properly validate data passed to it from userspace. G DATA InternetSecurity 2007 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
  • Description: Ghost Security Suite is security software for Microsoft Windows operating systems. The application is exposed to multiple local issues. Ghost Security Suite beta version 1.110 and alpha version 1.200 are affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
  • Description: Online Armor Personal Firewall is a personal security suite for Microsoft Windows operating systems. The application is exposed to multiple local issues. Online Armor Personal Firewall version 2.0.1.125 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
  • Description: Privatefirewall is a firewall application for Microsoft Windows operating systems. The application is exposed to multiple local issues. Privatefirewall version 5.0.14.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.12 - CVE: CVE-2007-3286
  • Platform: Third Party Windows Apps
  • Title: Avaya IP Softphone ActiveX Controls Multiple Buffer Overflow Vulnerabilities
  • Description: Avaya IP Softphone is a commercially available IP Telephony application. The application is exposed to multiple buffer overflow issues because the software fails to perform adequate boundary checks on user-supplied data. Avaya IP Softphone versions 5.2 and 6.0 are affected.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm

  • 07.39.13 - CVE: CVE-2007-4827
  • Platform: Third Party Windows Apps
  • Title: Automated Solutions Modbus RTU/ASCII/TCP Slave ActiveX Control Heap Buffer Overflow
  • Description: Automated Solutions Modbus RTU/ASCII/TCP Slave is an ActiveX control supporting Modbus-compatible devices. The control is exposed to a heap-based buffer overflow issue because the software fails to perform adequate boundary checks on user-supplied data. The problem occurs in "MiniHMI.exe" when processing malformed Modbus requests through TCP port 502.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-07-15

  • 07.39.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DiamondCS ProcessGuard SSDT Hooks Multiple Local Vulnerabilities
  • Description: ProcessGuard is security software for Microsoft Windows operating systems. The application is exposed to multiple local issues. ProcessGuard version 3.410 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ProSecurity SSDT Hooks Multiple Local Vulnerabilities
  • Description: ProSecurity is a commercially available Host Intrusion Prevention System (HIPS) for Microsoft Windows operating systems. The application is exposed to multiple local issues. ProSecurity version 1.40 beta 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479830

  • 07.39.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: COWON America jetAudio JetFlExt.dll ActiveX Control Insecure Method
  • Description: jetAudio is an integrated multimedia player for use on the Microsoft Windows operating system. The application is exposed to an issue that lets attackers overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). This issue occurs due to a design error that allows improper or unauthorized access to the "DownloadFromMusicStore()" method. Furthermore, due to insufficient sanitization, directory traversal sequences can be used to place files in arbitrary locations. jetAudio version 7.0.3 Basic is affected.
  • Ref: http://www.securityfocus.com/bid/25723

  • 07.39.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Messenger CYFT FT60.DLL ActiveX Control GetFile Method Arbitrary File Upload
  • Description: Yahoo! Messenger CYFT ActiveX control is prone to an arbitrary file upload vulnerability because it fails to adequately sanitize user-supplied input. This issue affects the "GetFile()" method of the "ft60.dll" CYFT Object. Yahoo! Messenger version 8.1.0.421 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.39.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow
  • Description: Mercury/32 is a Mail Transport System available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. Mercury/32 version 4.52 is affected.
  • Ref: http://www.securityfocus.com/bid/25733

  • 07.39.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sun Java Web Start dnsResolve ActiveX Control Buffer Overflow
  • Description: Sun Java Web Start is a utility included in the Java Runtime Environment. It enables Java applications to launch either from a desktop or from a web page. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when passing excessive amounts of data to the "dnsResolve()" method. Sun Java Web Start included with Sun JRE version 1.6.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.39.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow
  • Description: Xunlei Web Thunder is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs when a large amount of data is passed to the "DownURL2()" method. Xunlei Web Thunder version 5.6.8.344 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 07.39.21 - CVE: CVE-2007-3740
  • Platform: Linux
  • Title: Linux Kernel CIFS Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue due to an error in the CIFS filesystem. Specifically, the umask value is ignored, allowing attackers to access other users' files.
  • Ref: https://rhn.redhat.com/errata/RHSA-2007-0705.html

  • 07.39.22 - CVE: Not Available
  • Platform: Linux
  • Title: inotify-tools C Library inotifytools_snfprintf() Local Buffer Overflow
  • Description: inotify-tools is a C library and command-line tool set that provides an interface with the Linux inotify file notification system. The application is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. inotify-tools versions prior to 3.11 are affected.
  • Ref: http://www.securityfocus.com/bid/25724

  • 07.39.23 - CVE: Not Available
  • Platform: Linux
  • Title: Dibbler Multiple Memory Corruption Vulnerabilities
  • Description: Dibbler is a portable implementation of the DHCPv6 protocol and is available for the Linux operating system. The application is exposed to multiple memory corruption issues. Dibbler version 0.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25726

  • 07.39.24 - CVE: CVE-2004-0813
  • Platform: Linux
  • Title: PAM IDE-CD SG_IO Security Bypass
  • Description: PAM (Pluggable Authentication Modules) is used to integrate low-level authentication with high-level APIs. The application is exposed to a security bypass issue because it fails to restrict access to recordable CD devices.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0465.html

  • 07.39.25 - CVE: Not Available
  • Platform: HP-UX
  • Title: HP-UX Logins Command Remote Unauthorized Access
  • Description: HP-UX includes a "logins" command that is designed to display user account information to administrators. The application is exposed to a remote unauthorized access issue due to a failure of the software to properly report password status to administrators. HP-UX versions B.11.31, B.11.23 and B.11.11 are affected.
  • Ref: http://www.securityfocus.com/bid/25740

  • 07.39.26 - CVE: CVE-2007-3654
  • Platform: BSD
  • Title: NetBSD Vga_allocattr Local Denial of Service
  • Description: NetBSD is a free multi-platform BSD UNIX-based operating system. The application is exposed to a local denial of service issue. The problem occurs when a malicious local user passes overly large values to display driver "allocattr" functions via an "ioctl" call. NetBSD-3 branch, NetBSD-3-0 branch, NetBSD-3-1 branch, NetBSD-4 branch, and NetBSD-current are affected.
  • Ref: http://www.securityfocus.com/bid/25682

  • 07.39.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Boa Administrator Password Overwrite Authentication Bypass
  • Description: Boa Webserver is a single-tasking HTTP webserver. The application is exposed to an authentication bypass issue because the application fails to ensure that "admin" passwords are not overwritten. Boa version 0.93.15 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479434

  • 07.39.28 - CVE: CVE-2007-4750, CVE-2007-4751
  • Platform: Cross Platform
  • Title: RemoteDocs R-Viewer Remote Code Execution and Information Disclosure Vulnerabilities
  • Description: RemoteDocs R-Viewer is a secure document viewer developed by RemoteDocs. The application is exposed to multiple issues, including a remote code execution issue that occurs because the application fails to handle specially crafted RDZ files, and an information disclosure issue that occurs because the application fails to protect unauthorized users from accessing directories with predictable names. R-Viewer version 1.6.2836 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479718

  • 07.39.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
  • Description: WinImage is a disk image management tool. The application is exposed to multiple issues when handling specially crafted disk image files. A denial of service issue affects the application FAT image handling function. The application fails to adequately validate the "BPB_BytsPerSec" IMG header value. A directory traversal issue can occur when the application extracts .IMG and .ISO files (other file types may also cause this issue). WinImage versions 8.0 and 8.10 are affected.
  • Ref: http://www.securityfocus.com/archive/1/479695

  • 07.39.30 - CVE: CVE-2007-2834
  • Platform: Cross Platform
  • Title: OpenOffice TIFF File Parser Buffer Overflow
  • Description: OpenOffice is a multi-platform office suite. Tagged Image File Format (TIFF) is a variable-resolution bitmapped image format. The application is exposed to a remote heap-based buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. The TIFF parser incorrectly relies on user-supplied values to calculate memory allocation.
  • Ref: http://rhn.redhat.com/errata/RHSA-2007-0848.html

  • 07.39.31 - CVE: CVE-2006-0575
  • Platform: Cross Platform
  • Title: Fcron Convert-FCronTab Directory Traversal
  • Description: Fcron is a command-scheduler daemon. Fcron ships with a utility named "convert-fcrontab" that performs crontab file format conversions. Fcron is exposed to a directory traversal issue because it fails to adequately sanitize user-supplied data. Fcron version 2.9.5 is affected.
  • Ref: http://www.trustix.org/errata/2006/0006/

  • 07.39.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Python ImageOP Module Multiple Integer Overflow Vulnerabilities
  • Description: The imageop module included with Python contains several methods designed to operate on image data. The application is exposed to multiple integer overflow issues due to a failure of the module to properly bounds check user-supplied input to ensure that integer operations do not overflow.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html

  • 07.39.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GCALDaemon Content-Length Header Denial of Service
  • Description: GCALDaemon is a Java-based application that offers synchronization between Google Calendar and various other calendars. The application is exposed to a remote denial of service issue in the "org/gcaldaemon/core/http/HTTPListener.java" source file. GCALDaemon version 1.0-beta13 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479816

  • 07.39.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AirDefense M520 Multiple CGI Scripts Remote Denial of Service Vulnerabilities
  • Description: The AirDefense M520 is a security sensor for wireless networks. The M520 is exposed to a remote denial of service issue because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/bid/25715

  • 07.39.35 - CVE: CVE-2007-4496
  • Platform: Cross Platform
  • Title: VMware Workstation Unspecified Host Memory Corruption
  • Description: VMware Workstation is virtualization software that supports multiple operating platforms. The application is exposed to an unspecified memory corruption issue in a host process. Please refer to the link below for further information.
  • Ref: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

  • 07.39.36 - CVE: CVE-2007-0061, CVE-2007-0062, CVE-2007-0063
  • Platform: Cross Platform
  • Title: VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities
  • Description: VMware Workstation is virtualization software available for various operating platforms. VMware Workstation's DHCP server is exposed to multiple remote code execution issues, including a stack-based buffer overflow issue when handling a malformed DHCP packet and a stack-based integer underflow issue when handling a malformed DHCP packet. VMware Workstation versions prior to 6.0.1 Build 55017 are affected.
  • Ref: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

  • 07.39.37 - CVE: CVE-2007-4569
  • Platform: Cross Platform
  • Title: KDE KDM Unspecified Password Authentication Bypass
  • Description: KDM is the window display manager for KDE. The application is exposed to an authentication bypass issue under certain circumstances because the application allows users to log in to the affected application with no password even when passwords are enabled. KDM shipped with KDE versions 3.3.0 through 3.5.7 is affected.
  • Ref: http://www.kde.org/info/security/advisory-20070919-1.txt

  • 07.39.38 - CVE: CVE-2007-4497
  • Platform: Cross Platform
  • Title: VMware Workstation Guest System Denial of Service
  • Description: VMware Workstation is virtualization software that supports multiple operating platforms. The application is exposed to a denial of service issue. Please refer to the link below for further information.
  • Ref: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

  • 07.39.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMware Workstation Path Specification Local Privilege Escalation
  • Description: VMware Workstation is virtualization software that supports multiple operating platforms. The application tries to execute registered Windows services without using properly quoted paths.
  • Ref: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

  • 07.39.40 - CVE: CVE-2007-3916
  • Platform: Cross Platform
  • Title: SKK Openlab SKK Tools skkdic-expr.c Insecure Temporary File Creation
  • Description: SKK Tools is a set of tools for SKK (Simple Kana Kanji Convertor), a Japanese input method system. The "main()" function of "skkdic-expr.c" creates temporary files with predictable filenames in an insecure manner. SKK Tools version 1.2 is affected.
  • Ref: http://security-tracker.debian.net/tracker/CVE-2007-3916

  • 07.39.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Storage Manager Client Multiple Vulnerabilities
  • Description: IBM Tivoli Storage Manager facilitates data backup and archiving. It is available for various platforms. The application is exposed to multiple issues. Tivoli Storage Manager client versions V5.1, V5.2, V5.3 and V5.4 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21268775

  • 07.39.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Acrobat Unspecified PDF File Security
  • Description: Adobe Acrobat Reader is a free document viewer for reading and commenting on PDF and PostScript files. The application is exposed to an unspecified issue when handling malicious PDF files.
  • Ref: http://www.securityfocus.com/bid/25748

  • 07.39.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Php-Stats Tracking.PHP Cross-Site Scripting
  • Description: Php-Stats is a web site statistics application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "ip" parameter of the "tracking.php" script. Php-Stats version 0.1.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/25664

  • 07.39.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: osCMax URL Cross-Site Scripting
  • Description: osCMax is an ecommerce application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input passed in a URL to the "catalog_products_with_images.php" script. osCMax version 2.0.0-RC3-0-1 is affected.
  • Ref: http://www.securityfocus.com/bid/25684

  • 07.39.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities
  • Description: TinyWebGallery is a web-based gallery application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to an unspecified parameter of the scripts "index.php", "i_frames/i_login.php" and "iframes/i_top_tags.php". TinyWebGallery version 1.6.3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/25689

  • 07.39.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: b1gMail hilfe.php Cross-Site Scripting
  • Description: b1gMail is a web-based email client application implemented in PHP with a MySQL backend. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "chapter" parameter of the "hilfe.php" script. b1gMail version 6.3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479761

  • 07.39.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Phormer Index.PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Phormer is a web-based picture gallery management application. The software is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "s", "c", "p" and "u" parameters of the "index.php" script. Phormer version 3.31 is affected.
  • Ref: http://www.securityfocus.com/bid/25742

  • 07.39.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Level One WBR3404TX Broadband Router RC Parameter Cross-Site Scripting Vulnerabilities
  • Description: Level One WBR3404TX is a broadband router. The device is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user input. These issues occur in the web management panel. Specifically, the issues affect the "DD" and "DU" parameters of the "ddns" script. Level One WBR3404TX firmware version R1.94p0vTIG is affected.
  • Ref: http://www.securityfocus.com/archive/1/479994

  • 07.39.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vigile CMS Wiki Module Multiple Cross-Site Scripting Vulnerabilities
  • Description: Vigile CMS is a content management system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user input. This issue affects the "title" and "cat" parameters used by the wiki module. These issues only occur when the wiki module is installed. Vigile CMS version 1.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/480117

  • 07.39.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GForge Topic EditProfile.PHP SQL Injection
  • Description: GForge is a web-based tool for collaborative development. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "skill_delete" parameter of the "/www/people/editprofile.php" script before using it in an SQL query. GForge versions prior to 4.6b2 are affected.
  • Ref: http://www.securityfocus.com/bid/25665

  • 07.39.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JBlog ID Parameter Multiple SQL Injection Vulnerabilities
  • Description: JBlog is a blogging application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" and "admin/modifpost.php" scripts before using it in an SQL query. JBlog version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25669

  • 07.39.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Webquest Soporte_Derecha_W.PHP Parameter SQL Injection
  • Description: PHP Webquest is a PHP-based content manager designed for educators. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_actividad" parameter of the "webquest/soporte_derecha_w.php" script before using it in an SQL query. PHP Webquest version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/25668

  • 07.39.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Gelato CMS Index.PHP SQL Injection
  • Description: Gelato CMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "post" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/479466

  • 07.39.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KwsPHP Multiple SQL Injection Vulnerabilities
  • Description: KwsPHP is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/4413

  • 07.39.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Omnistar Article Manager Article.PHP SQL Injection
  • Description: Omnistar Article Manager is a content manager. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "page_id" parameter of the "article.php" script.
  • Ref: http://www.securityfocus.com/bid/25692

  • 07.39.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KwsPHP Sondages Module ID Parameter SQL Injection
  • Description: KwsPHP is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "sondages" module before using it in an SQL query. KwsPHP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25700

  • 07.39.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OneCMS Userreviews.PHP SQL Injection
  • Description: OneCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "abc" parameter of the "userreviews.php" script before using it in an SQL query. OneCMS version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/25741

  • 07.39.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Joomla!Radio Component Local File Include
  • Description: Joomla! Joomla!Radio is a streaming audio component for the web-based Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "mosConfig_live_site" parameter of the "admin.joomlaradiov5.php" script.
  • Ref: http://www.securityfocus.com/bid/25664

  • 07.39.59 - CVE: Not Available
  • Platform: Web Application
  • Title: phpFFL PHPFFL_File_Root Parameter Multiple Remote File Include Vulnerabilities
  • Description: phpFFL is a web-based Fantasy Football League manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "PHPFF_FILE_ROOT" parameter of the scripts "/phpffl_webfiles/program_files/livedraft/livedraft.php" and "/phpffl_webfiles/program_files/livedraft/admin.php". phpFFL version 1.24 is affected.
  • Ref: http://www.securityfocus.com/bid/25667

  • 07.39.60 - CVE: Not Available
  • Platform: Web Application
  • Title: HP System Management Homepage Incomplete Update Installation Weakness
  • Description: HP System Management Homepage (SMH) is a web-based server management interface. The application is exposed to a weakness that can result in a false sense of security.
  • Ref: http://www.securityfocus.com/archive/1/479440

  • 07.39.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! FlashFun Component mosConfig_live_site Remote File Include
  • Description: Joomla! FlashFun is a PHP-based games component for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_live_site" parameter of the "admin.joomlaflashfun.php" script.
  • Ref: http://www.milw0rm.com/exploits/4415

  • 07.39.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Chupix CMS download.PHP Arbitrary File Download
  • Description: Chupix CMS is a web-based content management system. The application is exposed to an arbitrary file download issue because it fails to sufficiently sanitize user-supplied input to the "fichier" parameter of the "download.php" script. Chupix CMS version 0.2.3 is affected.
  • Ref: http://www.milw0rm.com/exploits/4411

  • 07.39.63 - CVE: Not Available
  • Platform: Web Application
  • Title: ewire Payment Client Command Execution
  • Description: ewire Payment Client is a PHP-based online transaction system. The application is exposed to an issue that allows arbitrary shell commands to run because the software fails to adequately escape user-supplied input. ewire Payment Client versions 1.60 and 1.70 are affected.
  • Ref: http://www.fortconsult.net/images/pdf/advisory_feb2007.pdf

  • 07.39.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla!12Pictures Component MosConfig_Live_Site Remote File Include
  • Description: Joomla!12Pictures is a PHP-based flash component for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_live_site" parameter of the "/administrator/components/com_joom12pic/admin.joom12pic.php" script.
  • Ref: http://www.securityfocus.com/bid/25691

  • 07.39.65 - CVE: CVE-2007-3010
  • Platform: Web Application
  • Title: Alcatel-Lucent OmniPCX Enterprise Remote Command Execution
  • Description: Alcatel-Lucent OmniPCX Enterprise is an integrated communications application. It includes a Unified Maintenance Tool, a web-based management application. The application is exposed to a remote command execution issue because it fails to adequately sanitize user-supplied data. Alcatel-Lucent OmniPCX Enterprise versions R7.1 and earlier are affected.
  • Ref: http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm

  • 07.39.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Shop-Script FREE Multiple Remote Vulnerabilities
  • Description: Shop-Script FREE is a PHP-based shopping cart application. The application is exposed to multiple remote issues. Shop-Script FREE version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25695

  • 07.39.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery Multiple Input Validation Vulnerabilities
  • Description: Coppermine Photo Gallery is a PHP-based photo gallery. The application is exposed to multiple remote issues. Coppermine Photo Gallery version 1.4.12 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479757

  • 07.39.68 - CVE: Not Available
  • Platform: Web Application
  • Title: phpSyncML Base_Dir Parameter Multiple Remote File Include Vulnerabilities
  • Description: phpSyncML is a tool for syncing contacts, calendars, and timetables between desktop and portable devices. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "base_dir" parameter of the scripts "/wbxml/WBXML/Decoder.php" and "/wbxml/WBXML/Encoder.php". phpSyncML version 0.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/25701

  • 07.39.69 - CVE: Not Available
  • Platform: Web Application
  • Title: obedit Save Function HTML Injection
  • Description: The "obedit" application is a Flash-based rich text editor. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue occurs in the save function when saving a document. obedit version 3.03 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479817

  • 07.39.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Elastic Path User Details Multiple HTML Injection Vulnerabilities
  • Description: Elastic Path is a web-based ecommerce application. The application is exposed to multiple HTML injection issues because the application fails to sufficiently sanitize user input to the "First Name" and "Last Name" form-field parameters when viewing user details. Elastic Path version 5.0 is affected.
  • Ref: http://www.mwrinfosecurity.com/publications/mwri_elastic-path-ecommer-manager-advisory_2007-04-25.pdf

  • 07.39.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Merak Mail Server Email Message HTML Injection
  • Description: Merak Mail Server is a mail server application written for multiple platforms. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, the application fails to sanitize email messages before viewing them in the IceWarp interface. Merak Mail Server versions 8.9.2 and 8.9.1 are affected.
  • Ref: http://www.mwrinfosecurity.com/publications/mwri_merak-webmail-xss-advisory_2008-09-17.pdf

  • 07.39.72 - CVE: Not Available
  • Platform: Web Application
  • Title: ktauber.com Styles Demo MOD for phpBB Multiple Input Validation Vulnerabilities
  • Description: ktauber.com Styles Demo MOD is a modification application for the phpBB content management system. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Styles Demo MOD version 0.9.9 is affected.
  • Ref: http://www.securityfocus.com/bid/25710

  • 07.39.73 - CVE: Not Available
  • Platform: Web Application
  • Title: openEngine main.PHP Remote File Include
  • Description: openEngine is a web-based content manager implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "this_module_path" parameter of the "modules/extranet_profile/main.php" script. openEngine version 1.9 is affected.
  • Ref: http://www.securityfocus.com/bid/25716

  • 07.39.74 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPortal employee.PHP Remote File Include
  • Description: PHPortal is a PHP-based environment for developing portal applications. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "DOCUMENT_ROOT" parameter of the "employee.php" script. PHPortal version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/25717

  • 07.39.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Streamline Account_Footer.PHP Remote File Include
  • Description: Streamline is a PHP-based streaming media server. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "sl_theme_unix_path" parameter of the "account_footer.php" script. Streamline version 1.0-Beta4 is affected.
  • Ref: http://www.securityfocus.com/bid/25736

  • 07.39.76 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB Plus German Language Pack PHPBB_Root_Path Parameter Remote File Include
  • Description: phpBB Plus is a modified version of the phpBB bulletin board to include added features. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "phpbb_root_path" parameter of the "language/lang_german/lang_main_album.php" script. phpBB Plus version 1.53 is affected.
  • Ref: http://www.securityfocus.com/archive/1/479997

  • 07.39.77 - CVE: Not Available
  • Platform: Web Application
  • Title: WebBatch WebBatch.EXE Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: WebBatch is a content management and creation tool for web sites. The application is exposed to multiple issues. These include a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input passed to the "webbatch.exe" script, and an information disclosure issue because the application fails to perform adequate authentication checks when the "dumpinputdata" argument is passed to the "webbatch.exe" script.
  • Ref: http://www.securityfocus.com/bid/25744/info

  • 07.39.78 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpWebGallery Picture.PHP HTML Injection
  • Description: PhpWebGallery is a PHP-based photo gallery application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "author" parameter of the "picture.php" script before using it in dynamically generated content. PhpWebGallery version 1.7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25745

  • 07.39.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Flip Unauthorized Administrative Account Creation Security Bypass
  • Description: Flip is a blogging application. The application is exposed to a security bypass issue because it fails to perform adequate authentication checks during administrative account creation. Flip version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/25746

  • 07.39.80 - CVE: Not Available
  • Platform: Web Application
  • Title: SimplePHPBlog img_upload_cgi.PHP Arbitrary File Upload
  • Description: SimplePHPBlog is a web-based blog application. The application is exposed to an arbitrary file upload issue because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the "img_upload_cgi.php" script. SimplePHPBlog version 0.4.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/480092

  • 07.39.81 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB XS Profile.PHP HTML Injection
  • Description: phpBB XS is a PHP-based bulletin board. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "selfdes" form field parameter of the "profile.php" script. phpBB XS version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/25750

(c) 2007. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.