General Discussion

[here]

FYI...

- http://www.darkreading.com/document.asp?doc_id=107651
JUNE 26, 2007 ~ "...A security appliance firm has found the wily bug in products from eight security vendors, including Check Point Software's Safe@Office Unified Threat Management device, versions 7.0.39X and prior... Check Point, which today issued a patch* for the bug within its 7.0.45 release of the product, is the only vendor so far to officially respond to the CSRF discovery found by Calyptix Security, a tiny Charlotte, N.C.-based supplier of all-in-one security appliances for SMBs. Dan Weber, the Calyptix security engineer who found the CSRF bugs, says the company only got automated responses thanking it from the other security vendors it contacted. Citing his company's responsible disclosure policy, he wouldn't name the other affected vendors, but he did say one is a UTM vendor that says it has sold over one million devices. CSRF is found in most everything with a Web-based interface, including printers, firewalls, DSL routers, and IP phones, says Jeremiah Grossman, CTO of WhiteHat Security and a CSRF expert. "Just about every important feature on every Website and Web-interface is likely to be vulnerable," he says..."
* http://www.sofaware.com/supportDownloads.aspx?boneId=182