Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/22/2007
02:21 AM
50%
50%

Sourcefire, Insecure.org Team Up

Sourcefire and Insecure.org announced a licensing agreement for the parties to jointly develop open source vulnerability scanning technology

COLUMBIA, Md. -- Open source innovator and SNORT ® creator, Sourcefire, Inc., and Insecure.Org, the creator of the Nmap® Security Scanner, today announced a licensing agreement for the parties to jointly develop open source vulnerability scanning technology based on the general purpose Nmap Scripting Engine (NSE) embedded within the popular Nmap network discovery tool. Under the agreement, Insecure.Org will develop the engine while the Sourcefire Vulnerability Research Team (VRT) will develop and contribute plug-ins for discovering specific vulnerabilities.

“Sourcefire was built on the premise of combining open source technologies with proprietary innovation and funded research to produce world-class solutions for our customers,” said Martin Roesch, Sourcefire’s Chief Technology Officer and the original author of Snort. “This joint effort exemplifies the spirit of the open source community, combining Insecure.Org’s active scanning expertise with Sourcefire’s vulnerability research capabilities to deliver a powerful new open source scanning technology. As open source leaders and innovators, both of our organizations are dedicated to providing users with the best possible technology to address their security issues, and we are very excited by the capabilities that this relationship will deliver.”

The new engine technology will be available within the open source Nmap Security Scanner as well as bundled into the Sourcefire 3D™ System. When combined with Sourcefire RNA as part of the award-winning 3D System, these new active scanning capabilities will enable customers to coordinate passive network discovery with surgical active scanning for a sophisticated approach to vulnerability detection. Users of Sourcefire RNA will be able to identify real-time network changes and then use the Nmap capabilities to deliver specific vulnerability information for only those assets that have been added or changed, significantly reducing scanning times, enhancing network performance and providing detailed analysis much more quickly than traditional solutions.

“This partnership is an exciting moment for the Nmap project,” said Nmap creator and lead developer Fyodor. “Nmap has grown over the years from simply enumerating open port numbers to identifying remote operating systems and application versions. With NSE we are taking the next step forward by facilitating advanced network discovery and vulnerability detection. We are grateful to Sourcefire for lending the talents of their exceptional VRT team to this project, and we are happy to see the technology providing value to Sourcefire’s enterprise customers as well.”

Sourcefire Inc. (Nasdaq: FIRE)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1927
PUBLISHED: 2020-04-02
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...
CVE-2020-8146
PUBLISHED: 2020-04-01
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the win...
CVE-2020-6009
PUBLISHED: 2020-04-01
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.