OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Erik Tayler (erikDIGITALDEFENSE.NET)
Date: Fri Mar 23 2001 - 10:21:31 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    At least two products of the Elron Internet Manager family of tools
    contain directory traversal vulnerabilities. The problem exists in
    the following products:

      --[ IM Message Inspector
      --[ IM Anti-Virus

    Elron Internet Manager products that are not vulnerable are:

      --[ IM Firewall

    Untested Elron software is listed below:

      --[ IM Web Inspector

    If the IM Web Inspector comes with Elron Software's proprietary web
    server as well, it is undoubtedly vulnerable as well.

    Exact version numbers were not obtained, this can be attributed to
    the tragic loss of 3 VMWare images [it was a painful experience].
    Vulnerabilities were discovered on 2-21-01, so whichever versions
    were current at time of discovery, those are the vulnerable versions.
    Elron Software was contacted on 2-21-01, I was not told if they were
    going to release a fix or not. If you use Elron Software products,
    check http://www.elronsw.com for updates, or call technical support.

    I attached a .zip file with more details on the vulnerability, the .zip
    file contains one (1) TXT file, and one (1) Word document. I attached
    the TXT file for those who are scared of macros. Have fun.

    Erik Tayler
    Security Analyst
    Digital Defense Incorporated
    http://www.digitaldefense.net