---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Clavister CorePlus Multiple Security Issues SECUNIA ADVISORY ID: SA25957 VERIFY ADVISORY: http://secunia.com/advisories/25957/ CRITICAL: Less critical IMPACT: Security Bypass, DoS WHERE: >From remote OPERATING SYSTEM: Clavister Security Gateway 8.x http://secunia.com/product/6205/ DESCRIPTION: Some security issues have been reported in Clavister CorePlus, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions. 1) An unspecified error in the in the IKE negotiation when validating certificates can cause the gateway to stop responding. 2) An unspecified error under certain circumstances causes SMTP commands to be incorrectly parsed, which allows blacklisted addresses to bypass the SMTP ALG. 3) An unspecified error results in small files not being scanned by the Antivirus-Engine when passing the HTTP-ALG. SOLUTION: Update to Clavister CorePlus version 8.81.01 or Clavister CorePlus version 8.80.04 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------