Multiple products from intrusion detection vendor Internet Security Systems (ISS) share an identical vulnerability that can allow the remote execution of arbitrary code. Network security vendor eEye, which found the flaws, recommends patching to fix the problem. Mitigation may also be possible.
The vulnerability affects RealSecure Network 7.0, RealSecure Server Sensor 7.0, Proventia A Series, Proventia G Series, Proventia M Series, RealSecure Desktop, RealSecure Guard, RealSecure Sentry, BlackICE PC Protection and BlackICE Server Protection. ISS has issued patches. Mitigation is also possible by blocking SMB traffic at the perimeter.
eEye Digital Security took the controversial step of sending an advisory out on these vulnerabilities before a patch was available. The company says its goal is to make administrators aware of the existence of problems, while prodding software vendors to speed delivery of patches.
The statement comes after eEye remained mum for 200 days while waiting for Microsoft to release a patch last month for a critical vulnerability in its Windows software.