Bugtraq mailing list archives
Elron IM Products Vulnerability
From: Erik Tayler <erik () DIGITALDEFENSE NET>
Date: Fri, 23 Mar 2001 10:21:31 -0600
At least two products of the Elron Internet Manager family of tools contain directory traversal vulnerabilities. The problem exists in the following products: --[ IM Message Inspector --[ IM Anti-Virus Elron Internet Manager products that are not vulnerable are: --[ IM Firewall Untested Elron software is listed below: --[ IM Web Inspector If the IM Web Inspector comes with Elron Software's proprietary web server as well, it is undoubtedly vulnerable as well. Exact version numbers were not obtained, this can be attributed to the tragic loss of 3 VMWare images [it was a painful experience]. Vulnerabilities were discovered on 2-21-01, so whichever versions were current at time of discovery, those are the vulnerable versions. Elron Software was contacted on 2-21-01, I was not told if they were going to release a fix or not. If you use Elron Software products, check http://www.elronsw.com for updates, or call technical support. I attached a .zip file with more details on the vulnerability, the .zip file contains one (1) TXT file, and one (1) Word document. I attached the TXT file for those who are scared of macros. Have fun. Erik Tayler Security Analyst Digital Defense Incorporated http://www.digitaldefense.net
Attachment:
elronim.zip
Description:
Current thread:
- Elron IM Products Vulnerability Erik Tayler (Mar 23)