Aventail README • 1

Aventail README ASAP Platform version 8.5 Part No. 0850-000010-03 June 30, 2005 This README highlights new features and provides late-breaking information about the Aventail EX-1500 and EX-750 appliances. It also lists known issues that are fixed in this release. This information supplements the printed and online documentation that accompanies the EX-1500 and EX-750. Review the README before installing and configuring your Aventail appliance.

What’s New in this Release? Version 8.5 of the Aventail ASAP platform includes the following new and enhanced features: •

Network tunnel clients: This release introduces two new network tunnel clients that provide full network access and greater application compatibility. The network tunnel clients consist of Connect Tunnel, a new generation of Aventail’s Windows client, and OnDemand Tunnel for browser access. Both clients are deployed from the ASAP WorkPlace portal and managed from the ASAP Management Console (AMC) by the new network tunnel service. In a related change, the OnDemand proxy agent’s traffic is now managed by the Web proxy service. Other network tunnel features include: o

Expanded protocol and application support: In addition to supporting standard client/server applications over TCP/IP, the Aventail tunnel clients provide support for a wide variety of protocols and applications including non-TCP/IP protocols such as Voice over Internet Protocol (VoIP), ICMP, multicast, as well as improved UDP access. The appliance supports bi-directional, reverse, and cross-connections, meaning that the VPN can provide client access to, for example, SMS, FTP, and help desk remote control applications.

o

Smart Redirection and Smart Addressing: The network tunnel service automatically provides redirecting and routing information based on the resources defined in AMC and local network settings.

o

Redirection Mode: This feature lets administrators specify how tunnel client traffic is redirected to the appliance. The appliance can redirect all traffic or use split tunnel redirection for only those resources defined in AMC.

•

Flexible access control policy: Access control rules can be configured not only for user connections to network resources, but for network resource access to users (such as SMS). Access rules can also be set up to control the traffic between users.

•

Setup Wizard: The new Setup Wizard simplifies the initial installation and configuration of the appliance. The wizard guides you through the process of configuring basic network settings, generating an SSL certificate, setting up local users for testing, and defining initial access control rules and resources.

•

Communities: User populations can be assigned to specific communities to provide more granular deployment of access agents and End Point Control tools, and for more convenient policy management when used in access control rules.

•

Enhanced End Point Control: Protection at the end point has been enhanced for Windows, Macintosh, and Linux client devices. This release introduces End Point Control (EPC) device profiles for Macintosh and Linux, which can include directory and file names, file size and timestamp, applications, and for Macintosh, detection of antivirus programs. For Windows devices, EPC device profiles have been enhanced by adding detection of Windows versions, file

©2005 Aventail Corporation. All rights reserved.

2 • ASAP Platform version 8.5

timestamp and size. For greater flexibility, certain attributes defined in device profiles can use comparison operators such as greater than, greater than or equal to, and so on. •

Expanded browser support: End users can now connect to the appliance using the Firefox browser for Windows, Macintosh, and Linux, and the Safari browser for Macintosh.

•

Graphical system and user monitoring: The Aventail home page displays a graphical summary of system status including active users, network bandwidth, disk space usage, and CPU usage, with a link to more detailed monitoring graphs and system status information.

•

Improved log viewer: The appliance’s log viewer has been updated to enhance the display of system and server information and provide improved presentation of log message text to facilitate troubleshooting. New logging features include filtering, searching, sorting, and exporting of log data to comma-delimited files.

•

ASAP WorkPlace customization: The ASAP WorkPlace portal can be set up as multiple, separate sites, each with a unique URL, for different user segments. These sites can have different greeting text, color schemes, and logos, and can be associated with authentication realms.

•

FIPS (Federal Information Processing Standard) support: For enhanced security, Aventail offers an EX-1500 appliance that is equipped with a FIPS-compliant (Federal Information Processing Standard) hardware security module for creating keys and digital certificates. The hardware security module included in the appliance is compliant with FIPS 140-2 Security Level 2.

•

Internationalization support: The appliance provides support for extended character sets or double-byte character sets so that usernames, passwords, and resource names can be entered and displayed in AMC using native character sets that contain extended or doublebyte characters. The appliance also supports character encoding for RADIUS policy servers that use non-English character sets.

•

Improved AMC user interface: Rules displayed on the Access Control page can be expanded to view detailed information about a rule. Other AMC pages that display lists of objects also have this expanded view feature.

Upgrading from Prior Versions If you are upgrading to ASAP version 8.5 from a previous release, be sure to consult the upgrade instructions in the Upgrade Guide for detailed information. You’ll find a copy of this document on the Aventail Assurance support site.

© 2005 Aventail Corporation. All rights reserved.

Aventail README • 3

Known Issues This section describes the known issues for this release.

Platform SNMP MIB modules for external servers and clustering not supported by ASAP v 8.5 (28623) DESCRIPTION

The Aventail MIB file that is downloaded from the Configure SNMP page contains two MIB modules named “aventailExternal Servers” and “aventailCluster” that are not supported by v8.5 of the Aventail ASAP platform. These MIB modules will not provide SNMP data.

Delay in decrementing license count when users log out of ASAP WorkPlace (27714) DESCRIPTION

When users log out of ASAP WorkPlace, the appliance does not immediately decrement the license count for current active users. This could potentially prevent other users from logging in if the license count is exceeded. The license count is decreased when the WorkPlace session automatically times out after 15 minutes.

Time zone change in AMC not reflected in log files (28407) DESCRIPTION

When the time zone setting is changed on the General Settings page in AMC, the log files are not updated to reflect the new time zone.

SOLUTION

The correct time zone is displayed on the View Logs page after restarting AMC.

ASAP Management Console (AMC) Local users with names containing non-ASCII characters initially unable to authenticate (27867/28253) DESCRIPTION

If local users are configured in AMC with usernames containing non-ASCII characters, the appliance can’t initially authenticate the users. When users attempt to access ASAP WorkPlace by entering UTF-8 characters for their username at the login prompt, the authentication fails.

SOLUTION

Use the following workaround: 1.

Add the local user whose name includes non-ASCII characters to the Users & Groups>Local Accounts page in AMC.

2.

Add a different temporary local user whose name does not include non-ASCII text.

3.

Restart AMC.

4.

Delete the temporary local user.

5.

Apply the changes in AMC.

OnDemand applications can't have the same name as a resource (26058) DESCRIPTION

When configuring an application for use with OnDemand on the Mapped Mode page, assigning that application a name that is already assigned to another resource previously configured in AMC will cause a conflict. This will not display an error message when the OnDemand application is saved. However, editing the

©2005 Aventail Corporation. All rights reserved.

4 • ASAP Platform version 8.5

other resource on the Add/Edit Resource page displays the message “The name entered is already in use by another resource.” SOLUTION

Do not assign the same name to an application configured for OnDemand and to another resource.

Configuring OnDemand for a remote desktop connection in port-mapped mode on Windows XP SP2 (26051) DESCRIPTION

For machines running Windows XP Service Pack 2, configuring OnDemand for a remote desktop connection in port-mapped mode will not work with the default local port setting (3389) assigned by AMC.

SOLUTION

On the Mapped Mode page for Aventail OnDemand, with Windows Terminal Server selected as the Service type, confirm that the Local host is set to 127.0.0.1 and change the Local port to any port number other than 3389 (for example, 3390).

Importing a partial configuration in AMC does not work (27860/28218) DESCRIPTION

Importing a partial configuration in AMC (using one of the Partial configuration options on the Import/Export page) does not work.

SOLUTION

To work around the issue, import a full configuration instead.

Cannot authenticate to a RADIUS server located on an external network over a custom port (27622) DESCRIPTION

A RADIUS authentication server located on an external network (that is, accessed from the appliance’s external network interface) will only be accessible using the default RADIUS port (1645). If you specify an alternate RADIUS port number in AMC, users will be unable to authenticate to the appliance.

Network Tunnel Service Access control rule changes don’t affect active network tunnel connections (27595) DESCRIPTION

When network tunnel sessions are active on client computers, applying changes to access control rules in AMC will not terminate or affect those tunnel connections.

SOLUTION

This functionality is by design. However, if an administrator wants to immediately apply access policy changes to active network tunnel connections, there are two alternatives. One option is to temporarily end active sessions (for a 10-minute duration) for selected users on the Active Users page. The other option is to stop and then restart the network tunnel service on the Services page, which will terminate connections with all network tunnel clients. In either case, when the network tunnel client users log back in, the access policy changes will apply to them.

DNS or WINS server addresses may conflict with local gateway address DESCRIPTION

If you configure the network tunnel service with DNS or WINS servers that conflict with the client's local gateway address, the tunnel service may not resolve the address conflict. In this case, when the user runs the tunnel client an error message will appear indicating that there is an IP address conflict and network connections may be unreliable or fail. To avoid the problem, be sure to specify alternate DNS and WINS servers when configuring the tunnel service.

© 2005 Aventail Corporation. All rights reserved.

Aventail README • 5

Web Proxy Service Single sign-on is not supported for non-English credentials encoded using UTF-8 (28660/28174/26983/27351) DESCRIPTION

For users with non-English UTF-8 username or password, single sign-on is not supported when accessing a resource on a Microsoft IIS server (or any other Web server that does not support UTF-8 encoding). For example, if a user authenticates to the appliance using a Japanese username and password, and then accesses a resource (configured with single sign-on) stored on a Microsoft IIS server, he or she will be re-prompted to authenticate. This issue is caused by a bug in Microsoft IIS.

Netegrity Single Sign-On doesn’t function when Aventail standard Web mode is enabled (25881) DESCRIPTION

Single sign-on does not function when accessing a resource protected by Netegrity if the user’s ASAP WorkPlace session has the standard Web mode enabled. In this situation the user is re-prompted for authentication when they click on the Netegrity resource in WorkPlace.

SOLUTION

Netegrity single sign-on works properly when accessing a resource from WorkPlace using translated Web mode.

Disabling HTTP 1.1 setting in Internet Explorer causes browser connections to fail (26286) DESCRIPTION

If Internet Explorer is configured to disable the Use HTTP 1.1 setting on the Advanced Internet options tab, when a user logs in to a realm that provisions Aventail’s Web proxy agent, all browser connections will fail when the standard agent is activated.

SOLUTION

Ensure that the Use HTTP 1.1 option is enabled in Internet Explorer.

Logging out of Microsoft OWA 2003 in Internet Explorer forces user to reauthenticate to the appliance (23922) DESCRIPTION

Using Internet Explorer to log out of OWA 2003 logs users out of ASAP WorkPlace and forces them to reauthenticate to the appliance.

SOLUTION

Using the Web proxy agent will resolve this issue.

Aliased URLs cannot contain query strings or file names (23913) DESCRIPTION

When creating an aliased URL to a resource, do not end the URL with a either a query string or a file name. When the Aventail Web access service receives an aliased URL ending in a query string or file name, it may not make a proper request to the back end server because it appends a trailing slash to the URL.

SOLUTION

When creating an aliased URL, make sure that it points to a directory.

ACL denies access to Citrix in OnDemand port-mapped mode (26076) DESCRIPTION

When an access control rule denies access to a Citrix back-end server, the Aventail Web access service is incorrectly translating the Citrix .ica file even when the OnDemand port-mapped configuration is not loaded. In this situation, when a user logs in to a realm via OnDemand and downloads an .ica file, attempting to connect to the Citrix host would fail.

©2005 Aventail Corporation. All rights reserved.

6 • ASAP Platform version 8.5

Outlook Web Access unable to display Japanese characters (28316) DESCRIPTION

When running Outlook Web Access (OWA) from ASAP WorkPlace in translated Web mode, Japanese characters do not display properly because of a Javascript translation problem.

SOLUTION

Disable Javascript translation for the OWA Web application profile on the Add/Edit Web Application Profile page in AMC.

ASAP WorkPlace WorkPlace incorrectly may display OnDemand proxy connection error when using Macintosh OS X 10.4 and Safari browser (28471) DESCRIPTION

Users running Macintosh OS X 10.4 (Tiger) and the Safari browser may see an erroneous error indicator (a red exclamation mark) in the Connection Status area of ASAP WorkPlace for the OnDemand proxy client. However, clicking on the Details page in ASAP WorkPlace will correctly indicate that OnDemand is working properly.

Custom WorkPlace logo and help file cannot contain international characters (27643/27644) DESCRIPTION

If a custom ASAP WorkPlace site created on the Configure WorkPlace Site page references a logo or help file whose filename contains non-ASCII characters, AMC will display an “unable to read file” error message when the site configuration is saved.

SOLUTION

Don’t use help or log files with names that contain international characters when creating a custom WorkPlace site.

Problems with bookmarking WorkPlace pages (27737/28438) DESCRIPTION

Two problems can arise when users bookmark certain pages in WorkPlace. First, when users bookmark the WorkPlace login page, which displays a list of available authentication realms, then the list the users see will not be updated when the administrator configures additional realms. Second, when users bookmark a WorkPlace network shortcut page, subsequent attempts to log out of WorkPlace from that bookmarked page fail when users click OK at the "Navigate away from this page" prompt.

SOLUTION

When bookmarking a page in WorkPlace, ensure that only the external IP address or the appliance’s fully qualified domain name is included in the bookmark, while excluding any subsequent URL parameters from the bookmark.

Intermittent cookie error message displays in WorkPlace (28603/28662) DESCRIPTION

When logging in to WorkPlace, a cookie error page with the message “Invalid session. Your browser does not have the required cookie, click OK to refresh” intermittently appears after entering login credentials.

SOLUTION

If this cookie error message appears during WorkPlace login, click OK to continue logging in to WorkPlace.

© 2005 Aventail Corporation. All rights reserved.

Aventail README • 7

Connect and OnDemand Tunnel Clients Logo qualification warning for Connect Tunnel is suppressed (28682) DESCRIPTION

Aventail and Microsoft are in the process of completing the Microsoft Windows logo qualification. To enhance the user experience, the prompt notifying the user that the driver has not received Windows logo qualification has been temporarily disabled

Connect tunnel connection status displays inaccurate server IP address (27139) DESCRIPTION

When users are running the Connect tunnel client, the Details tab of the Aventail VPN Connection Status dialog box does not display the correct server IP address, but instead duplicates the client IP address in the server IP address field.

Proxy detection fails when user logs in to Windows using different privileges (28678) DESCRIPTION

If a user runs proxy detection with the Connect tunnel client while logged in to Microsoft Windows XP as an administrator, logs out, and then logs in as a user, proxy detection will fail because the user does not have the proper privileges for the Connect tunnel to overwrite the existing PAC (proxy auto-configuration) script file that was created when the user was logged in with administrator privileges.

SOLUTION

While logged in to Windows XP as an administrator, have the user delete the file Aventail Smart Tunnel.pac from the folder C:\Documents and Settings\All Users\Application Data\Aventail.

Connect tunnel client connection fails when computer configured for proxy detection (28105) DESCRIPTION

When a Windows XP client computer is configured to use an HTTP proxy server, the Connect tunnel client is unable to establish a connection to the appliance during Windows logon.

OnDemand tunnel agent connection to Internet fails when Internet Explorer configured for HTTP proxy server (28647) DESCRIPTION

If Internet Explorer is configured to use an HTTP proxy server, connections to the Internet using the OnDemand tunnel agent will fail, while connections to redirected network resources will work correctly.

Connect tunnel client may display a second certificate-verification prompt (28069) DESCRIPTION

When starting the Aventail Connect tunnel client, users may be prompted twice to accept a certificate. This occurs only intermittently.

SOLUTION

To avoid the second certificate prompt on subsequent connections, permanently accept the certificate.

OnDemand tunnel agent activates before upgrade is completed if user does not have administrator privileges (28513) DESCRIPTION

When a user without administrator privileges updates the Aventail OnDemand tunnel agent software, the OnDemand tunnel agent automatically activates before the update is complete.

©2005 Aventail Corporation. All rights reserved.

8 • ASAP Platform version 8.5

PAC files specified by file:/// or ftp:// paths fail to load in Connect tunnel client (27787) DESCRIPTION

HTTP proxy detection fails when the PAC file is specified with a file:/// or ftp:// protocol identifier in the Windows Internet settings.

Connect Proxy Client User-entered non-English characters not displayed correctly (26846) DESCRIPTION

When users enter text in any fields in the Connect proxy client, the text is not displayed correctly.

Fast user switching in Windows XP does not shut down Connect proxy client (23580) DESCRIPTION

When using fast user switching in Windows XP to accommodate multiple users, the Connect proxy client continues to run.

Connect Proxy Client Configuration Tool crashes when adding domains on Japanese systems (28403) DESCRIPTION

On Japanese systems, the Aventail Connect Configuration Tool crashes when attempting to add a domain to a configuration file.

OnDemand Proxy Agent OnDemand does not support Cisco Security Agent (28240) DESCRIPTION

The OnDemand proxy agent does not properly route Cisco Security Agent traffic through the appliance.

Web Access Agents Microsoft Share Point displays incorrect error page when accessed by non-administrator user with Aventail Web proxy agent (27092) DESCRIPTION

When a user who connects to the appliance using the Web proxy agent does not have administrator privileges for a Microsoft Share Point site, clicking the Manage Users link and then clicking Cancel instead of entering a user name and password will display the error message “you are not authorized to view this page,” instead of displaying the appropriate Share Point error page.

End Point Control (EPC) Aventail Secure Desktop incompatible with certain access methods (27830/26125/27820/26499) DESCRIPTION

Aventail Secure Desktop is not compatible with the OnDemand tunnel client, the Web proxy client, or with the OnDemand proxy client in dynamic redirection mode.

HTTPS URL resources seen in WorkPlace when corresponding host resource isn't created (25893) DESCRIPTION

Creating an HTTPS URL resource with a Web shortcut in AMC displays the shortcut in ASAP WorkPlace, but clicking the link fails to connect the user to the resource.

© 2005 Aventail Corporation. All rights reserved.

Aventail README • 9

SOLUTION

To access a back-end HTTPS Web resource through the Web proxy agent, you must take an additional step when configuring resources and access control rules. In addition to defining the back-end server as a URL resource and creating an access control rule, you must also create a host resource for the Web resource (or a domain resource containing the Web server) and include it in the access control rule.

Aventail Cache Control does not remove passwords cached by Safari browser (25149) DESCRIPTION

If Macintosh users configure Safari to remember credentials, Aventail Cache Control is unable to remove any basic authentication passwords that are cached by the browser

Aventail Secure Desktop prevents display of ASAP WorkPlace home page when Internet Explorer configured for proxy server (27697) DESCRIPTION

When Internet Explorer is configured to run through a proxy server, Aventail Secure Desktop initially prevents the ASAP WorkPlace home page from displaying correctly.

SOLUTION

Refreshing the ASAP WorkPlace home page in Internet Explorer will correctly display the page.

Aventail Secure Desktop conflicts with McAfee Antivirus v8.0 (28543) DESCRIPTION

If McAfee Antivirus v8.0 is running in the background on a client computer, when the user logs in to the appliance and is assigned to an End Point Control zone that deploys Aventail Secure Desktop, then ASD fails to start displays the error message “Cannot startup Virtual desktop because no shell_Traywnd.”

End Point Control unable to detect McAfee ViruScan Enterprise v8.0i (25668) DESCRIPTION

When an End Point Control zone references a device profile configured to detect McAfee antivirus software, the EPC interrogator is unable to detect McAfee ViruScan Enterprise v8.0i on client computers.

Microsoft Windows AntiSpyware tool displays alerts during Aventail agent installation (28130) DESCRIPTION

If the Microsoft Windows AntiSpyware tool is running on Windows computers when users log in to the appliance, the spyware tool will display a series of alerts and prompts when the appliance installs or deploys access agents or EPC agents.

SOLUTION

When the spyware tool prompts users to allow or block the Aventail installer or an access component, they should select the Allow option.

Cluster Configuration Interface monitoring for clustered environments disabled by default (28637) DESCRIPTION

Because of an interoperability problem with some switch manufacturers, the interface monitoring feature for high-availability clusters is disabled by default for this release. If you are using a switch connection that supports the 802.1d spanning tree protocol, enabling interface monitoring can result in either a continuous failover state or the interface alternating between being up and down.

SOLUTION

Interface monitoring cannot be re-enabled via the Network Settings page in AMC, but instead requires editing a configuration file on the appliance. If you need to re-enable interface monitoring, contact Aventail technical support for information.

©2005 Aventail Corporation. All rights reserved.

10 • ASAP Platform version 8.5

Customized WorkPlace logo not copied to slave node (27606) DESCRIPTION

In a clustered environment, importing a graphic file to customize the logo on a WorkPlace site using on the Configure WorkPlace Site>Appearance page in AMC on the master node does not automatically copy the file to the slave node.

SOLUTION

Manually copy the logo file from the master node to the slave node using Secure Copy (scp).

Known Firefox Browser Incompatibility Issues Aventail Cache Control closes after being enabled (27171) DESCRIPTION

When Firefox users who are assigned to an End Point Control zone that deploys Aventail Cache Control (ACC) access ASAP WorkPlace, ACC displays a message that cleaning the browser cache but closes immediately after it starts.

OnDemand unable to run in Firefox on Macintosh computers (27044) DESCRIPTION

The OnDemand proxy client is unable to run in the Firefox browser on Macintosh computers because Firefox does not support Sun JVM 1.4.2 for Macintosh.

Firefox truncates filenames containing spaces when downloading files with ASAP WorkPlace (28299) DESCRIPTION

When users running Firefox download a file via ASAP WorkPlace whose filename includes spaces, the filename is truncated to remove all characters after the space, including the file extension.

NTLM authentication fails when Firefox uses manual proxy configuration (27665) DESCRIPTION

When Firefox is configured to use manual proxy configuration, single sign-on using NTLM authentication fails and the user is re-prompted for credentials.

OnDemand proxy agent intermittently fails to install during initial login (28562) DESCRIPTION

When Firefox users initially log in to ASAP WorkPlace and are assigned to a community configured to deploy the OnDemand proxy agent, OnDemand will not install or activate.

SOLUTION

The OnDemand proxy agent installs and activates correctly on subsequent connections to ASAP WorkPlace.

© 2005 Aventail Corporation. All rights reserved.

Aventail README • 11

Issues Fixed in This Release The following known issues from previous versions of the appliance are fixed in this release. The numbers refer to the tracking IDs used in previous versions of the README. ASAP Management Console (AMC) 22916

Local user accounts on slave node are overwritten when AMC applies changes.

26309

Upgrade fails when a resource group contains the OnDemand Dynamic Proxy resource.

26131

Group caching remains enabled when LDAP group lookup options are disabled.

Web Access Service 25448

Standard Web agent does not work with NTLM-protected resources.

26228

With SSO enabled, back-end resources configured with NTLM authentication forwarding are sometimes inaccessible using Mozilla v1.7.2.

26127

In translated Web mode, reloading a page in Mozilla v1.7.2 may cause intermittent JavaScript warnings.

26285

Microsoft OWA 2003 re-prompts for authentication using Firefox browser.

Platform 26163

Message log shows incorrect access control list rule numbers.

26193

Partition size not available via SNMP.

26274

Incorrect message when upgrade partition insufficient space.

ASAP WorkPlace 26141

OnDemand status details not displayed for Internet Explorer 5.2.3 for the Macintosh.

26256

Disabling ActiveX in Internet Explorer causes script errors in ASAP WorkPlace with standard Web agent.

26250

Disabling ActiveX in Internet Explorer causes WorkPlace to halt.

End Point Control 25097

Dynamic Redirection prevents resource access in OnDemand under Aventail Secure Desktop.

25521

File downloading error in ASAP WorkPlace with permission denial.

25592

EPC installation delay for Windows restricted users.

26239

After disabling EPC, default zone continues to block VPN access.

Clustered Configuration 26261

License file is not properly synchronized on secondary node of cluster.

©2005 Aventail Corporation. All rights reserved.

12 • ASAP Platform version 8.5

Security Fixes in This Release The following security vulnerabilities are fixed in this release. Each issue is tracked using one or more of the following IDs: •

The five-digit number is an internal Aventail tracking ID.

•

CVE numbers refer to the ID used on the used on the Common Vulnerabilities and Exposures Web site (http://www.cve.mitre.org).

•

DSA numbers refer to Debian Security Advisory IDs (http://www.debian.org/security/).

24678

Apache Mod_SSL SSL_Util_UUEncode_binary stack buffer overflow vulnerability CVE: CAN-2004-0488

24738

Linux kernel e1000 Ethernet card driver kernel memory disclosure vulnerability CVE: CAN-2004-0535

25067

Apache ap_escape_html memory allocation denial of service vulnerability CVE: CAN-2004-0493

25239

Linux kernel file offset pointer memory disclosure vulnerability CVE: CAN-2004-0415

26247

OpenSSL workaround SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG

26365

Multiple buffer overflows in libXML CVE: CAN-2004-0989

26366

Unknown vulnerability in the passwd_check function in Shadow CVE: CAN-2004-1001

26367

GZIP insecure temporary file creation vulnerability CVE: CAN-2004-0970

27623

Web proxy agent and OnDemand proxy agent configuration files vulnerability

27650

OpenSSL insecure temporary file in der_chop script CVE: CAN-2004-0975

© 2005 Aventail Corporation. All rights reserved.