Tuesday, July 31, 2007

Security: @RISK Newsletter

This time, CA (Computer Associates) and four of its products are on parade with a critical security hole. Quoting the @RISK Newsletter:
This week four CA products (eTrust IDS, Unicenter, CleverPath, and
BrightStor) were found to all use a common service that has a critical
buffer overflow error.
The vulnerabilities detected are listed here:
Widely Deployed Software
(1) CRITICAL: Yahoo! Widgets ActiveX Control Buffer Overflow
(2) CRITICAL: Computer Associates Multiple Products Multiple Vulnerabilities
(3) CRITICAL: BakBone NetVault Reporter Scheduler Buffer Overflow
(4) HIGH: Panda Antivirus Products Multiple Vulnerabilities
(5) HIGH: Borland InterBase Create Request Buffer Overflow
(6) HIGH: ESET NOD32 Multiple Vulnerabilities
(7) HIGH: Norman Antivirus Multiple Vulnerabilities


That is quite a lot of sensitive programs, especially those of NOD32 and Norman, two mostly respected and widely used antivirus products. I hope they'll get the patches out soon enough to calm down the public and their customers.
