That page has the download link on it. On Thu, Jan 31, 2013 at 3:24 PM, Andrew S. Baker <asbz...@gmail.com> wrote:
> Are you actually able to download via that link? > > > > > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…*** > > > > > > On Thu, Jan 31, 2013 at 4:07 PM, Ziots, Edward <ezi...@lifespan.org>wrote: > >> >> http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp >> **** >> >> ** ** >> >> Nice detection utility which will help out the home users. **** >> >> ** ** >> >> Z**** >> >> ** ** >> >> Edward E. Ziots, CISSP, Security +, Network +**** >> >> Security Engineer**** >> >> Lifespan Organization**** >> >> ezi...@lifespan.org**** >> >> ** ** >> >> This electronic message and any attachments may be privileged and >> confidential and protected from disclosure. If you are reading this >> message, but are not the intended recipient, nor an employee or agent >> responsible for delivering this message to the intended recipient, you are >> hereby notified that you are strictly prohibited from copying, printing, >> forwarding or otherwise disseminating this communication. If you have >> received this communication in error, please immediately notify the sender >> by replying to the message. Then, delete the message from your computer. >> Thank you.**** >> >> *[image: Description: Description: Lifespan]* >> >> ** ** >> >> ** ** >> >> *From:* Ziots, Edward [mailto:ezi...@lifespan.org] >> *Sent:* Thursday, January 31, 2013 1:04 PM >> >> *To:* NT System Admin Issues >> *Subject:* RE: Ouch - UPnP >> *Importance:* High**** >> >> ** ** >> >> Cross post from Bugtraq, **** >> >> ** ** >> >> DefenseCode Security Advisory**** >> >> http://www.defensecode.com/**** >> >> ** ** >> >> ** ** >> >> Broadcom UPnP Remote Preauth Root Code Execution Vulnerability**** >> >> ** ** >> >> ** ** >> >> Advisory ID: DC-2013-01-003**** >> >> Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution >> Vulnerability Advisory URL: >> http://www.defensecode.com/subcategory/advisories-28**** >> >> Software: Broadcom UPnP software**** >> >> Vulnerable: Multiple router manufacturers Vendor Status: Vendors >> contacted Initial Release Date: 2013-01-15 Release Date Postponed To: >> 2013-01-31**** >> >> Risk: Critical**** >> >> ** ** >> >> ** ** >> >> ** ** >> >> 1. General Overview**** >> >> ===================**** >> >> ** ** >> >> During the security evaluation of Cisco Linksys routers for a client, we >> have discovered a critical security vulnerability that allows remote >> unauthenticated attacker to remotely execute arbitrary code under root >> privileges.**** >> >> Upon initial vulnerability announcement a few weeks ago Cisco spokesman >> stated that only one router model is vulnerable - WRT54GL.**** >> >> We have continued with our research and found that, in fact, same >> vulnerable firmware component is also used in at least two other Cisco >> Linksys models - WRT54G3G and probably WRT310N. Could be others.**** >> >> ** ** >> >> Moreover, vulnerability turns out even more dangerous, since we have >> discovered that same vulnerable firmware component is also used across many >> other big-brand router manufacturers and many smaller vendors.**** >> >> ** ** >> >> Vulnerability itself is located in Broadcom UPnP stack, which is used by >> many router manufacturers that produce or produced routers based on >> Broadcom chipset.**** >> >> We have contacted them with vulnerability details and we expect patches >> soon. However, we would like to point out that we have sent more than 200 >> e-mails to various router manufacturers and various people, without much >> success.**** >> >> ** ** >> >> Some of the manufacturers contacted regarding this vulnerability are >> Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, US Robotics, and so >> on.**** >> >> Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom >> UPnP chipset. You can check how many manufacturers use Broadcom chipset** >> ** >> >> here: http://wiki.openwrt.org/toh/start (search for Broadcom, brcm or >> bcm).**** >> >> ** ** >> >> We don't know exactly how many of them are affected, since we were unable >> to contact all of them, but we suspect there are probably tens of millions >> vulnerable routers out there.**** >> >> ** ** >> >> ** ** >> >> Edward E. Ziots, CISSP, Security +, Network +**** >> >> Security Engineer**** >> >> Lifespan Organization**** >> >> ezi...@lifespan.org**** >> >> ** ** >> >> This electronic message and any attachments may be privileged and >> confidential and protected from disclosure. If you are reading this >> message, but are not the intended recipient, nor an employee or agent >> responsible for delivering this message to the intended recipient, you are >> hereby notified that you are strictly prohibited from copying, printing, >> forwarding or otherwise disseminating this communication. If you have >> received this communication in error, please immediately notify the sender >> by replying to the message. Then, delete the message from your computer. >> Thank you.**** >> >> *[image: Description: Description: Lifespan]* >> >> ** ** >> >> ** ** >> >> *From:* David Lum [mailto:david....@nwea.org <david....@nwea.org>] >> *Sent:* Thursday, January 31, 2013 12:37 PM >> *To:* NT System Admin Issues >> *Subject:* RE: Ouch - UPnP**** >> >> ** ** >> >> See the thread called “Shocking? Somehow, not...”**** >> >> ** ** >> >> Having a more descriptive subject line like yours is far too logical J*** >> * >> >> ** ** >> >> *From:* N Parr [mailto:npar...@mortonind.com <npar...@mortonind.com>] >> *Sent:* Thursday, January 31, 2013 9:30 AM >> *To:* NT System Admin Issues >> *Subject:* Ouch - UPnP**** >> >> ** ** >> >> >> http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/?tag=nl.e757&s_cid=e757 >> **** >> >> **** >> >> Guess it would mostly affect home users but they are going to be the ones >> who would never hear about it for be able to fix it.**** >> >> **** >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin**** >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin**** >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin**** >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<image001.jpg>>
