Description

Use the LiveUpdate feature of Symantec Gateway Security to download the security update.

Symantec Gateway Security 5000 Series 3.0 SU 2 adds coverage for the following vulnerabilities and threats:

• Brightstor Agent Stack Overflow
• CITADEL UX Remote Buffer Overflow
• Enterasys Vertical Horizon Backdoor Acct
• Esesix Thintune Backdoor Access
• Google Desktop Search Remote XSS
• Google Toolbar About.HTML HTML Injection
• HP OpenView Remote Command Exec
• HTTP Apache Redundant Slashes DoS
• HTTP Athena Web Registration Cmd Exec.
• HTTP AWSTATS LoadPlugin Cmd Exec
• HTTP AWSTATS Logfile Cmd Exec
• HTTP AWSTATS Plugin Cmd Exec
• HTTP Comm. Link Pro login.cgi Cmd Exec
• HTTP CSVForm Shell Escape
• HTTP EzMeeting Buffer Overfow
• HTTP Firefox Unauth Clipboard Disc
• HTTP IIS CPHost Recursion Bypass
• HTTP iPlanet Force Auth Brute Force
• HTTP iPlanet HTML REND DoS
• HTTP IRIX handler CGI Cmd Exec
• HTTP JJ Sample CGI Cmd Exec
• HTTP Lastlines.cgi Dir. Recursion
• HTTP Lastlines.cgi Remote Code Exec
• HTTP Mantis Remote Script Execution
• HTTP Mod NTLM BO
• HTTP MS Media Player File Attr Corrupt.
• HTTP MS OWC Local File Disclosure
• HTTP MSIE File Download Sec. Warn Bypass
• HTTP MSIE Local Resource Enumeration
• HTTP MSIE Sysimage File Detection
• HTTP Nombas ScriptEase Dir. Recursion
• HTTP PHPBB Autologin User Level Priv Esc
• HTTP RaXnet Cacti PHP File Include
• HTTP Remote File Include (@Lex)
• HTTP Remote File Include (Blackboard)
• HTTP Remote File Include (OCPortal)
• HTTP Remote File Include (Pivot)
• HTTP TrackerCam Dir. Traversal
• HTTP TrackerCam LongURI BO
• HTTP TrackerCam Neg. Content Length DoS
• HTTP WikkiTikkiTavi Remote File Include
• HTTP Windows Shell Object Instantiation
• IMAP Cyrus MagicPlus BO
• IMAP eXtremail Format String Exec
• Medal of Honor Allied Assault BO
• Microsoft SQL Server 7.0 Remote DoS
• MS IE COM Object Misuse (1)
• MS IE HTML Object Tag Local Zone Bypass
• MS IIS SERVER_NAME Src Disclosure
• MS PnP QueryResConflist BO
• MS Printer Spooler Heap BO
• MS RDP Terminal Service DoS
• MSIE Frame Cross Site Scripting
• MSIE msdds.dll Code Exec (HTTP)
• MSN Messenger Login (HTTP)
• MSRPC Tapi Interface Buffer Overflow
• MSSQL Copyscript Distributor Exec
• MySQL MaxDB HTTP GET Buffer Overflow
• Oracle 8i TNS Buffer Overflow
• Oracle 9i Webcache File Corruption
• Oracle iSQLPlus File Access
• Shoutcast Remote Format String
• SMTP Extremail Format String
• SMTP Kinesphere Buffer Overflow
• SoftEther VPN Software
• Telnet Client env_opt_add Heap BO
• Veritas Backup Exec Arb. File Download
• Veritas NetBackup Invalid Timestamp BO
• X Design SIPD Format String Exec

Symantec Gateway Security 5000 Series 3.0 SU 2 provides updated coverage for the following vulnerabilities and threats:

• BD BugBear Web
• Darwin MS DOS Device Name DOS
• Gaobot Autostart and Service Commands
• Gaobot DDOS commands
• Gaobot Generic Bot Commands
• Gaobot Variable Config Commands
• HTTP ION CGI Dir. Traversal
• HTTP MSIE DHTML Edit Ctrl Attack
• ICC Profile TagData Overflow
• ISO-SP AB Parameter Is Not User Data
• ISO-SP DN Parameter Is Not User Data
• ISO-SP DT Parameter Is Not User Data
• ISO-SP FN Parameter Is Not User Data
• ISO-SP Invalid CN Parameter Code
• ISO-SP Invalid Service Code
• ISO-SP Oversized CN Parameter
• ISO-TP0 Invalid TPDU User Data Size
• ISO-TP0 Oversized Transport Selector ID
• ISO-TP0 Unknown Transport Code
• MS Media Player ActiveX Ctrl File Enum
• MS Windows GDI+ JPEG Overflow (HTTP)
• Phatbot OS Shutdown Commands
• Phatbot Process Control Commands
• Phatbot Scan Commands
• R(X)BOT Add Advanced-Scan Commands
• R(X)BOT Advanced-Scan Commands
• R(X)BOT Bot Scan Commands
• RFC1006 Invalid Vers/Res Fld Value (A)
• RFC1006 Invalid Vers/Res Fld Value (B)