Vendor Alerts - 0days
The following table summarises the responses from each vendor to 0day vulnerabilities reported to them by IRM. Each cell represents a reported vulnerability and they are each colour-coded in the following way:
· Red – The vendor has not responded to the vulnerability report
· Orange – The vendor is investigating or developing a patch/workaround
· Green – The vendor has publicly released a patch or workaround
Each vendor name is a link to the associated list of reported vulnerabilities.
Vulnerability information release policy
When vulnerabilities are discovered, IRM follows an industry-standard responsible disclosure policy. This involves contacting the software vendor, allowing them time to develop a patch to mitigate the vulnerability and then releasing the vulnerability details and patch information through the normal IT security channels.
During communication with the vendor, but before a detailed security advisory is released, a 'Vendor Alert' is published. This provides a high-level description of the vulnerability class (without any details that may assist an attacker), any vendor reference that has been provided and the current status of the patch release.
IRM believes that responsible disclosure of software vulnerabilities is the best way of ensuring the future security of both its clients and the Internet community in general.
Cisco Vulnerabilities
Remote Memory Corruption Vulnerability in Cisco IOS #1
Vendor Reference:
PSIRT-1880448734
Vendor Initially Contacted:
30/07/2007
Current status:
Advisory and patch released 10/10/2007
Remote Cross Site Scripting Vulnerability in Cisco IOS
Vendor Reference:
PSIRT-2022590358
Vendor Initially Contacted:
06/09/2007
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Corruption Vulnerability in Cisco IOS #1
Vendor Reference:
PSIRT-0474975756
Vendor Initially Contacted:
21/08/2007
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Corruption Vulnerability in Cisco IOS #2
Vendor Reference:
PSIRT-0388256465
Vendor Initially Contacted:
16/08/2007
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Information Leakage Vulnerability in Cisco IOS #1
Vendor Reference:
CSCsk16129
Vendor Initially Contacted:
21/08/2007
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Information Leakage Vulnerability in Cisco IOS #2
Vendor Reference:
CSCsk16129
Vendor Initially Contacted:
21/08/2007
Current status:
Patch in development
Expected patch release date:
TBA
Local OS Version Information Leakage Vulnerability in Cisco IOS
Vendor Reference:
PSIRT-1255024833
Vendor Initially Contacted:
24/04/06
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in Cisco IOS #2
Vendor Reference:
PSIRT-0371783968
Vendor Initially Contacted:
11/10/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in Cisco IOS #3
Vendor Reference:
PSIRT-0371783968
Vendor Initially Contacted:
12/10/07
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Corruption Vulnerability in Cisco IOS #3
Vendor Reference:
PSIRT-0053125620
Vendor Initially Contacted:
16/10/07
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Information Leakage Vulnerability in Cisco IOS #3
Vendor Reference:
PSIRT-0371783968
Vendor Initially Contacted:
15/10/07
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Information Leakage Vulnerability in Cisco IOS #4
Vendor Reference:
PSIRT-0371783968
Vendor Initially Contacted:
15/10/07
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Corruption Vulnerability in Cisco IOS #4
Vendor Reference:
PSIRT-0371783968
Vendor Initially Contacted:
17/10/07
Current status:
Patch in development
Expected patch release date:
TBA
Local Memory Corruption Vulnerability in Cisco IOS #5
Vendor Reference:
PSIRT-0371783968
Vendor Initially Contacted:
17/10/07
Current status:
Patch in development
Expected patch release date:
TBA
TIBCO Vulnerabilities
Remote Memory Leak Vulnerability in TIBCO Rendezvous RVD daemon
Vendor Reference:
N/A
Vendor Initially Contacted:
16/04/2007
Current status:
Advisory and patch released 26/11/2007
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #1
Vendor Reference:
N/A
Vendor Initially Contacted:
24/09/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #2
Vendor Reference:
N/A
Vendor Initially Contacted:
21/09/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #3
Vendor Reference:
N/A
Vendor Initially Contacted:
24/09/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #4
Vendor Reference:
N/A
Vendor Initially Contacted:
24/09/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #5
Vendor Reference:
N/A
Vendor Initially Contacted:
25/09/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #6
Vendor Reference:
N/A
Vendor Initially Contacted:
21/09/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #7
Vendor Reference:
N/A
Vendor Initially Contacted:
24/10/07
Current status:
Patch in development
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in TIBCO SmartPGM FX #8
Vendor Reference:
N/A
Vendor Initially Contacted:
23/11/07
Current status:
Patch in development
Expected patch release date:
TBA
Oracle Vulnerabilities
Remote Memory Corruption Vulnerability in an Oracle Service
Vendor Reference:
6296175
Vendor Initially Contacted:
20/06/06
Current status:
Advisory and patch released 17/1/2007
Remote Memory Information Leakage in an Oracle Service
Vendor Reference:
7892711
Vendor Initially Contacted:
20/06/06
Current status:
Patch in development
Expected patch release date:
TBA
Symantec Vulnerabilities
Altiris Deployment Solution Privilege Escalation
Vendor Reference:
N/A
Vendor Initially Contacted:
25/05/07
Current status:
Advisory and patch released 13/08/2007
Authentication Credentials Information Leakage in Altiris Deployment Solution
Vendor Reference:
N/A
Vendor Initially Contacted:
25/05/07
Current status:
Advisory and patch released 13/08/2007
Avaya Vulnerabilities
Remote Memory Corruption Vulnerability in an Avaya VoIP Handset
Vendor Reference:
N/A
Vendor Initially Contacted:
15/11/05
Current status:
Patch in development
Expected patch release date:
TBA
NEC Vulnerabilities
Remote Memory Corruption Vulnerability in an NEC mobile handset
Vendor Initially Contacted:
28/06/06
Current status:
Vendor has not responded
Expected patch release date:
TBA
LG Vulnerabilities
Remote Memory Corruption Vulnerability in an LG Mobile handset
Vendor Initially Contacted:
21/07/06
Current status:
Vendor has not responded
Expected patch release date:
TBA
IBM Vulnerabilities
Remote Memory Corruption Vulnerability in IBM WebSphere MQ 6.0 #1
Vendor Reference:
N/A
Vendor Initially Contacted:
10/11/07
Current status:
Vendor is investigating
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in IBM WebSphere MQ 6.0 #2
Vendor Reference:
N/A
Vendor Initially Contacted:
10/11/07
Current status:
Vendor is investigating
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in IBM WebSphere MQ 6.0 #3
Vendor Reference:
N/A
Vendor Initially Contacted:
10/11/07
Current status:
Vendor is investigating
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in IBM WebSphere MQ 6.0 #4
Vendor Reference:
N/A
Vendor Initially Contacted:
10/11/07
Current status:
Vendor is investigating
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in IBM WebSphere MQ 6.0 #5
Vendor Reference:
N/A
Vendor Initially Contacted:
11/11/07
Current status:
Vendor is investigating
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in IBM WebSphere MQ 6.0 #6
Vendor Reference:
N/A
Vendor Initially Contacted:
11/11/07
Current status:
Vendor is investigating
Expected patch release date:
TBA
Remote Memory Corruption Vulnerability in the IBM ThinkVantage TPM Service
Vendor Reference:
N/A
Vendor Initially Contacted:
10/11/07
Current status:
IBM have passed the details to Lenovo who are now investigating
Expected patch release date:
TBA
Juniper Vulnerabilities
Remote Memory Corruption Vulnerability in a Juniper Service
Vendor Reference:
N/A
Vendor Initially Contacted:
23/11/06
Current status:
Patch in development
Expected patch release date:
TBA