فا

‫ Attachmate Reflection Multiple Products OpenSSL Security Issue and FTP Client Code Execution Vulnerabilities

IRCAD2014083452

ID: IRCAD2014083452

Release Date: 2014-08-07

Criticality level: Highly critical

Software:
Attachmate Reflection 14.x

Attachmate Reflection for IBM 14.x (formerly WRQ Reflection)

Attachmate Reflection X 14.x

Attachmate ReflectionFTP ActiveX Control 14.x

Reflection 14.x
Description:

A security issue and multiple vulnerabilities have been reported in multiple Attachmate Reflection products, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a user's system.

1) An error is caused due to a bundled vulnerable version of OpenSSL.

This security issue is reported in versions 14.1.3.254 and prior.

2) Multiple errors within the Reflection FTP Client OLE Automation (COM/ActiveX) API can be exploited to upload arbitrary files to a system directory and subsequently execute arbitrary code by sending a specially crafted request.

This vulnerability is reported in the versions 14.1.3.247 and prior (FTP Client versions 14.1.420.0 and prior).

Solution

Update to version 14.1.3.259 or later.

References:
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 21 مرداد 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0