Latest Alerts and Advisories


3Com Product Security Bulletins:

TippingPoint Security Research Team Advisories:
TPTI-07-14 - HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities
TPTI-07-13 - Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability
TPTI-07-12 - Multiple Vendor Progress Server Heap Overflow Vulnerability
TSRT-07-11 - Firebird SQL fbserver 'connect' Buffer Overflow Vulnerability
TSRT-07-10 - Centennial Software XFERWAN Stack Overflow Vulnerability
TSRT-07-09 - Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability
TSRT-07-08 - Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability
TSRT-07-07 - Apple QuickTime STSD Parsing Heap Overflow Vulnerability
TSRT-07-06 - Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption Vulnerability
TSRT-07-05 - IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities
TSRT-07-04 - LANDesk Management Suite Alert Service Stack Overflow Vulnerability
TSRT-07-03 - America Online SuperBuddy ActiveX Control Code Execution Vulnerability
TSRT-07-02 - Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities
TSRT-07-01 - Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities
TSRT-06-15 - Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability
TSRT-06-14 - IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
TSRT-06-13 - HP OpenView Client Configuration Manager Device Code Execution Vulnerability
TSRT-06-12 - CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability
TSRT-06-11 - CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities
TSRT-06-10 - Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability
TSRT-06-09 - Microsoft DirectAnimation COM Object Memory Corruption Vulnerability
TSRT-06-08 - Microsoft Internet Help COM Object Memory Corruption Vulnerability
TSRT-06-07 - eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities
TSRT-06-04 - eIQnetworks Enterprise Security Analyzer Topology Server Vuln.
TSRT-06-03 - eIQnetworks Enterprise Security Analyzer Syslog Server Vuln.
TSRT-06-02 - Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability
TSRT-06-01 - Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability

Recent Zero Day Initiative Advisories:

2007.12.17 - ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability
2007.12.17 - ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability
2007.12.17 - ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure
2007.12.11 - ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow
2007.12.11 - ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability
2007.12.11 - ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption
2007.12.11 - ZDI-07-073: Microsoft Internet Explorer setExpression Code Execution
2007.12.10 - ZDI-07-072: Novell NetMail AntiVirus Agent Multiple Heap Overflows
2007.12.06 - ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows
2007.12.06 - ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability
2007.11.26 - ZDI-07-069: CA BrightStor ARCserve Message Engine Insecure Method Exposure
2007.11.05 - ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow
2007.11.05 - ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption
2007.11.05 - ZDI-07-066: Apple QuickTime PICT File PackBitsRgn Parsing Heap Corruption
2007.11.05 - ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption
2007.10.31 - ZDI-07-064: Novell Client Trust Heap Overflow Vulnerability
2007.10.31 - ZDI-07-063: RealPlayer RA Field Size File Processing Heap Overflow Vulnerability
2007.10.31 - ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability
2007.10.31 - ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution
2007.10.31 - ZDI-07-060: HP OpenView Radia Integration Server File System Exposure
2007.10.31 - ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
2007.10.31 - ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability
2007.10.10 - ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability
2007.10.10 - ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities
2007.10.10 - ZDI-07-055: Microsoft Windows DCERPC Authentication DoS Vulnerability
2007.09.24 - ZDI-07-054: IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
2007.09.20 - ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy
2007.09.12 - ZDI-07-052: Multiple Kerberos Implementations
2007.09.07 - ZDI-07-051: Trend Micro ServerProtect
2007.09.07 - ZDI-07-050: Trend Micro ServerProtect
2007.08.20 - ZDI-07-049: EMC Legato Networker
2007.08.14 - ZDI-07-048: Microsoft Internet Explorer
2007.08.14 - ZDI-07-047: Microsoft WMPlayer
2007.08.14 - ZDI-07-046: Microsoft WMPlayer
2007.08.06 - ZDI-07-045: Novell Client NWSPOOL.DLL S
2007.07.25 - ZDI-07-044: BakBone NetVault Reporter Scheduler
2007.07.24 - ZDI-07-043: Ipswitch IMail IMAP Daemon
2007.07.24 - ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry
2007.07.24 - ZDI-07-041: Panda Software AdminSecure Agent
2007.07.12 - ZDI-07-040: Symantec AntiVirus Engine CAB parsing
2007.07.12 - ZDI-07-039: Symantec AntiVirus Engine RAR parsing
2007.06.12 - ZDI-07-038: Microsoft IE Prototype Dereference
2007.06.12 - ZDI-07-037: Microsoft IE Language Pack Installation
2007.06.11 - ZDI-07-036: Arris Cadant C3 CMTS
2007.06.05 - ZDI-07-035: CA Multiple Product AV Engine
2007.06.05 - ZDI-07-034: CA Multiple Product AV Engine
2007.05.15 - ZDI-07-033: Samba lsa_io_trans_names
2007.05.15 - ZDI-07-032: Samba sec_io_acl
2007.05.15 - ZDI-07-031: Samba smb_io_notify_option_type_data
2007.05.15 - ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d
2007.05.15 - ZDI-07-029: Samba lsa_io_privilege_set
2007.05.10 - ZDI-07-028: CA eTrust AntiVirus Server
2007.05.08 - ZDI-07-027: Microsoft Internet Explorer
2007.05.08 - ZDI-07-026: Microsoft Excel Named Graph
2007.05.07 - ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll
2007.05.07 - ZDI-07-024: Trend Micro ServerProtect EarthAgent
2007.05.01 - ZDI-07-023: Apple QTJava toQTPointer()
2007.04.24 - ZDI-07-022: CA BrightStor ArcServe Media Server
2007.04.19 - ZDI-07-021: GraceNote CDDBControl
2007.04.18 - ZDI-07-020: BMC Performance Manager
2007.04.18 - ZDI-07-019: BMC Patrol PerformAgent
2007.04.18 - ZDI-07-018: IBM Tivoli Monitoring
2007.04.18 - ZDI-07-017: Oracle E-Business Suite
2007.04.18 - ZDI-07-016: Oracle E-Business Suite
2007.04.18 - ZDI-07-015: Novell Groupwise WebAccess
2007.04.05 - ZDI-07-013: Kaspersky AntiVirus Engine
2007.04.03 - ZDI-07-012: Yahoo! Messenger AudioConf
2007.03.28 - ZDI-07-011: IBM Lotus Domino IMAP Server
2007.03.07 - ZDI-07-010: Apple QuickTime
2007.03.07 - ZDI-07-009: Novell Netmail WebAdmin
2007.03.02 - ZDI-07-008: Apache Tomcat
2007.02.08 - ZDI-07-007: HP Mercury
2007.01.24 - ZDI-07-006: Citrix
2007.01.16 - ZDI-07-005: Sun Java
2007.01.11 - ZDI-07-004: Computer Associates
2007.01.11 - ZDI-07-003: Computer Associates
2007.01.11 - ZDI-07-002: Computer Associates
2006.08.28 - Disclosure Pipeline Unveiled




Security Contact

How To Contact 3Com on Security-Related Vulnerabilities, Incidents, or Issues:

When a possible vulnerability has been discovered in a 3Com product, solution, or service, or an incident has arisen that directly or indirectly involves a 3Com product, solution, or service, please submit a Vulnerability (Web) Disclosure Form, or contact the 3Com Security Response Team (3Com SRT) directly by email at 3Com_SRT@3Com.com or through 3Com's Partner Access website at http://pa.3com.com. Do so immediately, or in tandem with any procedures you or your organization may have in place for dealing with these types of incidents or discoveries.

Submissions received through the Vulnerability Disclosure Form let 3Com First Responders and the SRT prioritize and analyze the information more quickly, and so respond to it faster. Vulnerability information submitted without a valid return address will automatically be discarded.

If you do not have access to 3Com's Partner Access website, please contact your local 3Com representative or consultant, or locate the closest 3Com Partner through our Partner Locator, to help us better facilitate the vulnerability mediation process.

For 3Com's complete Vulnerability Handling and Disclosure Policy click here.



