In association with heise online

14 July 2007, 11:32

RSA releases patches for several products


Security service provider TippingPoint has released a security advisory reporting a security hole in Progress Software's server products that also affects third-party products, including products by RSA. The vulnerability is a heap overflow in the Progress Server (_mprosrv.exe), which listens on TCP ports 5520 and 5530, and is triggered when the server processes parameters of excessive length. According to TippingPoint, this allows remote attackers to inject and execute arbitrary code with system privileges. The advisory does not say whether the vendor will provide its own updates for the affected products, Progress 9.1E and OpenEdge 10.1x. However, RSA provides patches for RSA ACE/Server 5.2, RSA Authentication Manager 6.0, RSA Authentication Manager 6.1 and RSA SecurID Appliance 2.0, and had evidently already informed its clients of the problem on June 28.

While users of TippingPoint's Digital Vaccine IPS solution should have been protected from this threat through signatures since June 22, vendor 3Com, which owns TippingPoint, has released two security advisories describing how the IPS can be bypassed. To do so, packets must be fragmented in a specific manner. This vulnerability affects IPS systems with TOS versions 2.1, 2.2.0 to 2.2.4 and 2.5.0 to 2.5.1. Attackers could also bypass detection by inserting Unicode-encoded slashes into a URI. This flaw affects TOS version 2.1 and versions 2.2.0 to 2.2.4. TippingPoint provides patches, which registered clients can download.

(mba)

Permalink: http://h-online.com/-733242
 

