Fortinet Discovers Critical Vulnerability Affecting Akamai Download Manager

Remote Buffer Overflow Vulnerability Could Allow Attackers to Control Victims' Systems

SUNNYVALE, Calif., April 17, 2007 - Fortinet® - a pioneer and leading provider of unified threat management (UTM) solutions - today announced that its Fortinet Global Threat Research Team discovered a remote buffer overflow vulnerability in Akamai Download Manager (CVE-2007-1891). The vulnerability could allow attackers to cause a denial of service or run arbitrary code on an affected system. When a user is enticed to download a file through an affected version of the Akamai Download Manager, a maliciously formed URL causes a buffer overflow that leads to arbitrary command execution with the privileges of that user. The vulnerability is due to improper sanitization of remotely supplied data.

Akamai Download Manager users should immediately apply the update provided by Akamai. The vulnerability specifically affects users of Akamai Download Manager ActiveX Control 2.2.0.8, although updates are available for versions up to 2.2.1.0.

For more information on this vulnerability, please visit Fortinet's FortiGuard™ Center at http://www.fortiguardcenter.com/advisory/FGA-2007-05.html.

For ongoing threat research, bookmark the FortiGuard Center (www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.

About Fortinet (www.fortinet.com)
Fortinet is the pioneer and market-leading provider of ASIC-accelerated unified threat management systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, Web content filtering, VPN, spyware prevention and antispam--providing customers a way to protect against multiple threats as well as blended threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified eight times over by the ICSA (firewall, antivirus, IPSec, SSL, IDS, client antivirus detection, cleaning and antispyware). Fortinet is privately held and based in Sunnyvale, California.

 



