"><script>INSERT JAVASCRIPT HERE</script>
Solution:
No workaround available.
This vulnerability is fixed in Cisco Unified MeetingPlace Web Conferencing software version 6.0(517.0) also known as Maintenance Release 4 (MR4) for the 6.0 release, and version 7.0(2) also known as Maintenance Release 1 (MR1) for the 7.0 release.
____________
References:
chmod u-s /opt/VRTS/bin/qiomkfile
VENDOR RESPONSE
Symantec included a fix for this problem in the recent maintenance
release Veritas Software File System 5.0 MP3.
DISCLOSURE TIMELINE
30-May-2008 Discovery of Vulnerability
31-May-2008 Developed Proof-of-Concept
chmod u-s /opt/VRTS/bin/qioadmin
VENDOR RESPONSE
Symantec included a fix for this problem in the recent maintenance
release Veritas Software File System 5.0 MP3.
DISCLOSURE TIMELINE
11-Aug-2008 Discovery of Vulnerability
18-Aug-2008 Developed Proof-of-Concept
Software Versions and Fixes
===========================
This vulnerability is fixed in Cisco Unified MeetingPlace Web
Conferencing software version 6.0(517.0) also known as Maintenance
Release 4 (MR4) for the 6.0 release, and version 7.0(2) also known as
Maintenance Release 1 (MR1) for the 7.0 release.
The latest versions of Cisco MeetingPlace software can be downloaded
from:
The vendor was notified about this vulnerability on 20 October 2009 and
released a fix on 26 October 2009.
The problem was fixed in CubeCart version 4.3.5, which is available
here: http://forums.cubecart.com/index.php?showtopic=39691.
However, the post "CubeCart 4.3.5 Released, Maintenance Release"
doesn't include any information about this critical vulnerability.
[Quote]
What's new?
- URLs Changed in WorldPay module to match "RBS Worldpay" branding
- PayPal 3D Secure Fix & Enhancements *
concrete and specific details about availability of fixes by Wednesday,
October 24th. An up to date copy of the security advisory provided for
comments and suggested workarounds.
2007-10-23: Email from Lotus Notes Security indicating that a ticket had
been opened with Autonomy and that since this is a client-side issue the
fix would be provided in one of the future maintenance releases of the
Lotus Notes client. Ongoing work with Autonomy needs to continue before
being able to confirm when the fix will be rolled into the product.
2007-10-23: Email from Core’s advisory team with follow up questions to
Lotus Notes Security: 1. Is it official policy to include fixes to
client-side vulnerabilities in maintenance releases? 2. What is the
on the compilation environment and machine architecture, this may or
may not be a significant continued vulnerability. The new patch
below correctly checks the buffer length.
FIXES
=====
* The upcoming krb5-1.6.3 release, as well as the upcoming krb5-1.5.5
maintenance release, will contain fixes for this vulnerability.
Prior to that release you may apply the following patch. Note that
releases prior to krb5-1.5 will not need the svr_policy.c patch.
*** src/lib/kadm5/srv/svr_policy.c (revision 20254)
* Cisco System Unified Contact Center Enterprise (SUCCE)
To determine the version of software installed on the Administration
Workstation (AW), navigate to the Add or Remove Programs window on
the Windows Server. If impacted, an entry for Cisco ICM Maintenance
Release ICM 7.1(5) will be observable in the list of installed
applications.
Products Confirmed Not Vulnerable
+--------------------------------