navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: DAEMON Tools Lite 4.41.3.173

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
The Daemons Home
And, this specific program:
DAEMON Tools Lite 4.x

This thread has been marked as locked.
DenTNT DAEMON Tools Lite 4.41.3.173
Member 14th Oct, 2011 16:11
Ranking: 3
Posts: 4
User Since: 29th Sep, 2010
System Score: N/A
Location: RU
The version detected of DAEMON Tools Lite 4.x was 4.41.3.173 while the latest version including one or more security fixes is 4.41.0315.

The lastest version is v4.41.3, not 4.41.0315!!!
http://www.disc-tools.com/download/daemon

Maurice Joyce RE: DAEMON Tools Lite 4.41.3.173
Handling Contributor 14th Oct, 2011 17:34
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It is NOT what a web site prints that dictates what is on your PC.

PSI reads the meta data of programmes U have installed. What is the EXE file version of your installation when U check the properties?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-3
DenTNT RE: DAEMON Tools Lite 4.41.3.173
Member 14th Oct, 2011 17:46
Score: 3
Posts: 4
User Since: 29th Sep 2010
System Score: N/A
Location: RU
Last edited on 14th Oct, 2011 17:51
File -> Right mouse button -> Properties->Details->Version: 4.41.3.173
http://imageshack.us/photo/my-images/403/dtlite.jp...
Was this reply relevant?
+1
-0
Maurice Joyce RE: DAEMON Tools Lite 4.41.3.173
Handling Contributor 14th Oct, 2011 18:09
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
That is the file U have installed which matches PSI & is insecure.

Download the latest version & save to desktop. What are the properties of that?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-3
DenTNT RE: DAEMON Tools Lite 4.41.3.173
Member 14th Oct, 2011 18:15
Score: 3
Posts: 4
User Since: 29th Sep 2010
System Score: N/A
Location: RU
Last edited on 14th Oct, 2011 18:16
Here:
http://www.disc-tools.com/download/daemon
DTLite4413-0173.exe - this is the LAST version from official site.
http://eu-uk1.disc-tools.com/request?p=144b28b0ee7...
Was this reply relevant?
+2
-1
tomcat.x RE: DAEMON Tools Lite 4.41.3.173
Member 14th Oct, 2011 19:25
Score: 1
Posts: 2
User Since: 14th Oct 2011
System Score: N/A
Location: DE
That's the same for me. Secunia PSI says I should install 4.41.0315 but in the DAEMON Tools website (link in Secunia PSI) there is only version 4.41.3.173 for DAEMON Tools *Lite*. 4.41.0315 only exists for the Pro Standard and the Pro Advanced version.

I have Windows 7 64bit. A friend has XP and on his PC Secunia PSI reports version 4.41.3.173 as ok.
Was this reply relevant?
+3
-2
DerSanto RE: DAEMON Tools Lite 4.41.3.173
Member 14th Oct, 2011 20:34
Score: 2
Posts: 1
User Since: 14th Oct 2011
System Score: N/A
Location: DE
Same problem here.. Theres no Version 4.41.0315 for the Lite-Version :)
Was this reply relevant?
+2
-0
besafe RE: DAEMON Tools Lite 4.41.3.173
Member 14th Oct, 2011 20:49
Score: 2
Posts: 7
User Since: 27th May 2010
System Score: N/A
Location: RO
The same here .
Was this reply relevant?
+3
-2
Maurice Joyce RE: DAEMON Tools Lite 4.41.3.173
Handling Contributor 14th Oct, 2011 21:40
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 14th Oct, 2011 22:39
What Secunia are saying is the LITE version is insecure here:

http://secunia.com/advisories/46416/

To clear that vulnerability U are required to update to Trial/PRO version 4.41.0315.

The fact that the vendor has NOT bothered to update the freebie version is nothing to do with Secunia. They are interested in reporting vulnerabilities to the user & providing a possible solution to clear the vulnerability.

Being as it is a VERY LOW grade insecurity U all have numerous options.

1. Contact the vendor support & ask when they are updating the freebie LITE version.
2. Get your wallets out & buy the PRO version & stay secure.
3. Create an ignore rule having carried out a risk assessment against the advisory.
4. Uninstall the product until the vendor decides to update the freebie IF they intend doing that? Has anyone asked?

After testing it all on my test PC Secunia are correct in their advice.


@TomcatX

Your problem appears different if U are saying that Windows7 is showing it as insecure & XP is showing as secure?

In this case U should correctly evidence that & follow the guidelines of the FAQ.

http://secunia.com/products/consumer/PSI/faq/#q15

EDIT: I have just completed my tests on Windows 7 & XP SP3. When installed version 4.41.3.173 is showing as Insecure on both. Has your friend completed a full PSI scan before stating this version is secure?

Those that clearly cannot read or understand Advisories or hijack threads should not play with point scoring. I have 25 points to score up or down but am NOT A CHILD and use them wisely having given proper thought & testing to an issue rather than concentrate on getting something for free!

Nothing is free in this case. The LITE version offered by the vendor is vulnerable - they are currently only offering a secure paid for version.






--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+5
-2
ramsy RE: DAEMON Tools Lite 4.41.3.173
Member 14th Oct, 2011 23:27
Score: 2
Posts: 1
User Since: 14th Oct 2011
System Score: N/A
Location: JP
This is bad signature.4.41.0315 was Pro version's file version format.
and, Lite was fixed in 4.41.3!

JVS( http://jvn.jp/jp/JVN07414354/ ) says.
Effected:
DAEMON Tools Lite < 4.41.3
DAEMON Tools Pro Standard < 4.41.0315
DAEMON Tools Pro Advanced < 4.41.0315
Was this reply relevant?
+4
-2
Maurice Joyce RE: DAEMON Tools Lite 4.41.3.173
Handling Contributor 14th Oct, 2011 23:45
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 15th Oct, 2011 00:07
If U believe that to be the case U should suggest the programme to Secunia & write your comments in the box provided.

Only then will they investigate whether their signature is correct & make corrections as necessary which will please a few on this thread. My help to date is dedicated to the correct interpretation of the facts as they stand - U have raised a point that may be very valid in that the signature may be incorrect.

SUGGESTING A NEW PROGRAMME TO SECUNIA

Secunia do not accept programmes in ALPHA or BETA for inclusion in their database

VERSION 2


1. From the DASHBOARD page click on RESULTS.
2. On the RESULTS page look above the tab INSTALL SOLUTION & U will see a green icon & ARE YOU MISSING A PROGRAM?
3. Click it. Fill out the details requested.
4. Click SUGGEST SOFTWARE.

ALL OLDER PSI VERSIONS

1. Open the PATCHED or SECURE BROWSING tab.
2. Scroll to the bottom where U will see a link in blue ink "Program Missing? Suggest It Here!"
3. Click the link & then fill out the details in the boxes that appear(the important bit is the FILE SELECTION).
4.Click Suggest Program.

Normally,Secunia respond by email that the programme has been added to their database. A full PSI scan should reveal it.


Update 7 09:10 10/10/2011

or follow this link if U think Secunia are in error in reporting.

http://secunia.com/products/consumer/PSI/faq/#q15

Just checked your observation in English as follows:

JVN#07414354
DAEMON Tools vulnerable to denial-of-service
Overview

DAEMON Tools contains a denial-of-service (DoS) vulnerability.


Products Affected

•DAEMON Tools Lite versions prior to 4.41.3
•DAEMON Tools Pro Standard versions prior to 4.41.0315
•DAEMON Tools Pro Advanced versions prior to 4.41.0315
Description

DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service (DoS) vulnerability.

That reports the vulnerability NOT the fact there is a fix.


A red herring as far as I am concerned.





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
Maurice Joyce RE: DAEMON Tools Lite 4.41.3.173
Handling Contributor 15th Oct, 2011 00:18
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I will unsubscribe from this thread. I am not prepared to waste anymore of my valuable free time commenting on a freebie programme which IS VULNERABLE until such time as the vendor or a Forum member produces concrete evidence to the contrary. To date I can see none.

That evidence should been sent to Secunia as outlined above.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-3
Anthony Wells RE: DAEMON Tools Lite 4.41.3.173
Expert Contributor 15th Oct, 2011 12:26
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 15th Oct, 2011 12:34
Hello All ,

As I read it , the link and Japanese data provided by @ramsy and later translated by @Maurice Joyce can be found in the Secunia Advisory itself - scroll down to "Original Advisory" . There is also an English reference immediatelybelow it in the Advisory ; this is the link :-

http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-00...

Again , it clearly states that versions "Lite" affected are those PRIOR to 4.41.3.

As has been stated , there appear to be two separate numbering systems for Lite and the other commercial products .

Either Secunia have more data subsequent to the referenced Japanese vulnerability report which incriminates the Lite version or they have made a mistake , perhaps caused by the version number differentiation .

It does seem strange that they suggest updating a "Free" programme to a "payed for" version (without caveat) ; not the Secunia norm in general .

Either wait for support to pick this up when they get back to this Forum Monday 17th (CET) or post this exact information and asking for clarification in the "Comments" section at the bottom of the Advisory itself :-

http://secunia.com/advisories/46416/

I personally would wait for support to check it out . Any comments made should be specific to the Advisory and not (necessarily) any PSI display problems .

EDIT : You will also note that the SA only mentions the payed for version number 4.41.0315, no mention is made of the Lite version number .

Take care

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
tomcat.x RE: DAEMON Tools Lite 4.41.3.173
Member 15th Oct, 2011 20:27
Score: 1
Posts: 2
User Since: 14th Oct 2011
System Score: N/A
Location: DE
Sorry for wrong information: On Windows XP Secunia PSI also indicates DAEMON Tools Lite 4.41.3.173 as insecure after a full scan. I also checked this now on my notebook which is running under XP.
Was this reply relevant?
+0
-0
kwgagel RE: DAEMON Tools Lite 4.41.3.173
Member 16th Oct, 2011 03:56
Score: 0
Posts: 1
User Since: 18th Jul 2008
System Score: N/A
Location: CA
In addition to the version confusion the Online scanner (OSI) and the Personal scanner (PSI) detect different things.

The OSI does NOT bring up the DAEMON Tools as vulnerable.
The OSI DOES bring up that Adobe Flash (Internet Explorer version) on my system is vulnerable and needs to be updated.

The PSI does NOT bring up that Adobe Flash (Internet Explorer version) on my system is vulnerable.
The PSI DOES bring up the DAEMON Tools as vulnerable.

Looks more like the PSI is not coded correctly...
Was this reply relevant?
+0
-0
Anthony Wells RE: DAEMON Tools Lite 4.41.3.173
Expert Contributor 16th Oct, 2011 14:15
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 16th Oct, 2011 14:18
Hello @kwgagel ,

It is likely that the Daemon Tools stuff is not even in the OSI database (it is much smaller than that of the PSI) .

It looks as if the PSI detection rules for DT Lite are incorrect , probably because the Secunia Advisory mentions the free Lite and paid for Pro versions in the "Software" heading , but fails to identify (lower down) the Lite versions under the "Description" and "Solution" headings . This would seem to be a problem of incomplete documentation in the Advisory causing incorrect detection by the PSI . If you have Lite 4.41.3.x loaded you have the latest version available and are "probably" up to date and "secure" from all that I can see .

As I said earlier , best wait 'till support turn up tomorrow .

If you have a problem with Flash identification between the OSI and the PSI (where the databases should correspond - they do for my system) that is an entirely different matter , so create a new thread rather than hijack this one .

Hope that is clear .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
This user no longer exists RE: DAEMON Tools Lite 4.41.3.173
Member 17th Oct, 2011 12:27
Hi,

We have resolved a mismatch between file information and the information given in the advisory.

The Secunia advisory has been updated to reflect this.

If you run a full rescan, the program should be shown as patched.

Hope this helps.
Was this reply relevant?
+0
-0
Comrad RE: DAEMON Tools Lite 4.41.3.173
Member 17th Oct, 2011 18:46
Score: 1
Posts: 3
User Since: 15th Oct 2011
System Score: N/A
Location: UA
Now all is fine!!!
Thanks.
Was this reply relevant?
+0
-0
jdgwc3rd RE: DAEMON Tools Lite 4.41.3.173
Member 17th Oct, 2011 23:59
Score: 0
Posts: 1
User Since: 9th Sep 2010
System Score: 99%
Location: US
9.xxx
Updates.

--
gwciii
Was this reply relevant?
+0
-0
sunshine1708 RE: DAEMON Tools Lite 4.41.3.173
Member 20th Oct, 2011 13:49
Score: 0
Posts: 1
User Since: 20th Oct 2011
System Score: N/A
Location: US
I had the same problem.
All the best

--
<a href="http://www.wartrols.com">rid genital warts</a>
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+