While no programmer is perfect, there is a healthy bit of irony when software designed to secure or protect is found to have its own vulnerability. This page isn't here to make fun of the programmers of these software applications, but more to remind people that these same companies are often the ones trashing other programmers and claiming their solutions/software as silver bullets to protect against other vulnerable vendors.

Many people don't realize that every piece of software you add to your computer, regardless of its purpose, may expose you to additional risk. While the personal firewall software stops casual scans and gives you a sense of security, it can also end up providing an easier method for an attacker to wield full control of your machine. Piling on extra security software isn't always the best solution.

This page will not be updated very frequently. Its purpose is just to give you a rough idea of how widespread the problem is. I am not attempting to pick on any vendor or criticize their efforts (on this page at least).

Network Associates: Vulnerabilities
(Gauntlet Firewall, ePolicy Orchestrator, PGP, Net Tools PKI, VirusScan, NetShield, WebShield, Gauntlet CyberPatrol)

Juniper: Vulnerabilities
(NetScreen)

Symantec: Vulnerabilities
(Raptor Firewall, Gateway Security, AntiVirus, AntiSpam, Enterprise Firewall, pcAnywhere, Enterprise Security Manager (ESM), Ghost, LiveUpdate, NetProwler)

Computer Associates: Vulnerabilities
(CA Unicenter, InoculateIT, eTrust AntiVirus, eTrust Access Control, Policy Compliance Manager, eTrust Intrusion Detection)

Internet Security Systems: Vulnerabilities
(RealSecure, BlackICE, Security Scanner, ICEcap)

Trend Micro: Vulnerabilities
(InterScan, OfficeScan, Virus Control System, ScanMail, Virus Buster, PC-Cillin, Damage Cleanup Server, HouseCall, AppletTrap)

Check Point: Vulnerabilities
(FireWall-1, VPN-1, SecuRemote)

Snort and Related: Vulnerabilities
(Snort, SnortCenter)

Nessus and Related: Vulnerabilities
(Nessus, NessusWX, NeWT)

eEye: Vulnerabilities
(Retina, IRIS, SecureIIS)

IPFilter and Related: Vulnerabilities
(IPFilter, Vendor specific related)

OpenBSD: Vulnerabilities
(OpenBSD, OpenSSH)

Other
OmniSecure HTTProtect Symbolic Link Arbitrary File Modification
OpenProtect useradd Shell Unspecified
OpenProtect Temporary File Permission Unspecified
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
iisPROTECT SiteAdmin.asp SQL Injection
iisPROTECT Admin Interface SQL Injection
iisPROTECT Encoded URL Authentication Bypass
Cactus shell-lock Retrieve Protected Source Code

