In association with heise online

26 July 2006, 16:55

eIQnetworks closes eight critical holes in Enterprise Security Analyzer

eIQnetworks, maker of Enterprise Security Analyzer, has released Update 2.5.0 for the product, closing eight security holes in all. Five of these could allow an attacker on the network to plant and execute their own code on the management server. Three of the holes can be exploited to crash specific services. The manufacturer has categorized all of the flaws as critical. According to Tipping Point, which discovered several of the holes, the product is also sold by other software producers in OEM versions, which are likewise affected:

  • Astaro Report Manager
  • Fortinet FortiReporter
  • iPolicy Security Reporter
  • SanMina Viking Multi-Log Manager
  • Secure Computing G2 Security Reporter
  • Top Layer Network Security Analyzer

Tipping Point also offers its own advisories on the holes. These note that the remote code execution holes are caused by buffer overflows that occur when the syslog manager, license manager, and topology server read in specific commands with long arguments. Enterprise Security Analyzer is a solution for collecting and evaluating security-related information about firewalls, intrusion prevention, and other systems.

(ehe)

Permalink: http://h-online.com/-731276
 

