3com, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Adobe

Notified:  April 09, 2008 Updated: April 09, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Alcatel

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Apple Computer, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

AT&T

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Avaya, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Avici Systems, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Borderware Technologies

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Bro

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

CentOS

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Charlotte's Web Networks

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Check Point Software Technologies

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Cisco Systems, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Clavister

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Computer Associates

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Computer Associates eTrust Security Management

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Conectiva Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Cray Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Data Connection, Ltd.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Debian GNU/Linux

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

D-Link Systems, Inc.

Updated:  January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

EMC Corporation

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Engarde Secure Linux

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Enterasys Networks

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Ericsson

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

eSoft, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Extreme Networks

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

F5 Networks, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Fedora Project

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Force10 Networks, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Fortinet, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Foundry Networks, Inc.

Notified:  January 15, 2008 Updated: January 30, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

FreeBSD, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Fujitsu

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Gentoo Linux

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Global Technology Associates

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hewlett-Packard Company

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hitachi

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hyperchip

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IBM Corporation

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IBM Corporation (zseries)

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IBM eServer

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Ingrian Networks, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Intel Corporation

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Internet Security Systems, Inc.

Notified:  January 15, 2008 Updated: January 30, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Intoto

Notified:  January 15, 2008 Updated: January 30, 2008

Status

  Not Vulnerable

Vendor Statement

Intoto iGateway Firewall ships with UPnP feature, however it is disabled by default. Network administrator has to specifically enable this feature from management interface in order to make it operational. iGateway Firewall also has capability to set filters for source of UPnP messages, allowing only trusted machine's messages to be received and processed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

IP Filter

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Juniper Networks, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Linksys (A division of Cisco Systems)

Updated:  January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Lucent Technologies

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Luminous Networks

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

m0n0wall

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Mandriva, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

McAfee

Notified:  January 15, 2008 Updated: January 21, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Microsoft Corporation

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

MontaVista Software, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Multinet (owned Process Software Corporation)

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Multitech, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

NEC Corporation

Notified:  January 15, 2008 Updated: June 30, 2008

Status

  Vulnerable

Vendor Statement

Some of NEC products are affected by this vulnerability. For more details see http://www.nec.co.jp/security-info/secinfo/nv08-006.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

NetBSD

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

netfilter

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Netgear, Inc.

Updated:  January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Network Appliance, Inc.

Notified:  January 15, 2008 Updated: January 30, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

NextHop Technologies, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Nokia

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Nortel Networks, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Novell, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

OpenBSD

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Openwall GNU/*/Linux

Notified:  January 15, 2008 Updated: January 16, 2008

Status

  Unknown

Vendor Statement

Openwall GNU/*/Linux is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

QNX, Software Systems, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

RadWare, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Redback Networks, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Red Hat, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Riverstone Networks, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Secure Computing Network Security Division

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Secureworx, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Silicon Graphics, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Slackware Linux Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

SmoothWall

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Snort

Notified:  January 15, 2008 Updated: January 21, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Sony Corporation

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Sourcefire

Notified:  January 15, 2008 Updated: January 21, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Stonesoft

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Sun Microsystems, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

SUSE Linux

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Symantec, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

The SCO Group

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

TippingPoint, Technologies, Inc.

Notified:  January 15, 2008 Updated: January 16, 2008

Status

  Not Vulnerable

Vendor Statement

TippingPoint devices do not ship with UPnP.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Trustix Secure Linux

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Turbolinux

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Ubuntu

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Unisys

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

UPnP

Notified:  February 25, 2008 Updated: July 22, 2008

Status

  Unknown

Vendor Statement

The security advisory described in CERT advisory http://www.kb.cert.org/vuls/id/347812 appears to stem from the ability of the Flash ActionScript platform to modify the content type header of HTTP requests made from that platform to other IP addresses. The demonstrated exploit to UPNP seems to be just one of many interactions that the ActionScript platform could cause based on note security problem when accessing services both in and outside the home. The UPnP Forum recommends that Adobe Flash users update to at least the Flash Player 9 April 2008 Security Update to protect their network systems from this and other potential attacks. The UPnP forum recommends that manufacturers support a security solution in their products for critical service methods. The UPnP forum standardized an access control solution in November 2003 that was designed to be used for this purpose, but to date has not be adopted by manufacturers. A complementary short-term solution is for manufacturers to use a non-fixed URL for their service URLBase values, so that they may not be predicted by such attacks. The UPnP forum is committed to providing value for consumers and the industry. As a result, we continue to actively work with the industry on security solutions that can be adopted in home environments. Per normal security practice, the UPnP forum recommends also that users change the default passwords on my product to protect against other non-UPnP attacks and that users follow the appropriate security precautions for their computer platforms.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Watchguard Technologies, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Wind River Systems, Inc.

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

ZyXEL

Notified:  January 15, 2008 Updated: January 15, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.