Here are some of the latest vulnerability alerts, based on my Internet travels this morning:
Check Point flaws
The French Security Incident Response Team (FrSIRT) has issued two advisories about some security holes in Check Point products.
The first advisory is about a flaw attackers could exploit in Check Point’s Safe@Office appliances to execute arbitrary requests. “This issue is caused by input validation errors in the web interface that fails to properly validate HTTP requests, which could be exploited by attackers to bypass security restrictions and manipulate certain data by tricking an administrator into following a malicious URL,” FrSIRT said. It affects Check Point Safe@Office Appliances version 7.0.39x and prior and can be addressed by upgrading to Embedded NGX 7.0.45 GA.
The second advisory is about a flaw attackers could exploit in Check Point VPN-1 UTM Edge to execute arbitrary scripting code. “This issue is caused by unspecified input validation errors in the management interface that fails to properly validate HTTP requests, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user’s browser in the security context of an affected Web site,” FrSIRT said. Upgrading to the latest version fixes the problem.
Flaws in HP security products
HP has acknowledged flaws attackers could exploit in its Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX) to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
Secunia’s advisory has full details.