Topic: IBM support updates/vulns ...
« on: March 03, 2009, 04:28:51 »
AplusWebMaster

FYI...

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=215600307
March 2, 2009 - "IBM said a recent firmware update could cause the Seagate disk drives on more than two dozen models of its business servers to fail, leading to a situation that could cause customers to lose access to critical corporate data. In a current support bulletin*, the company said the bug affects a range of models in its BladeCenter, xSeries, and System x lines of servers. "After a power cycle, the SATA drive is no longer available and becomes unresponsive," IBM warned. "Data may become inaccessible due to the drive not responding," according to the bulletin, which lists numerous IBM server configurations at risk from the problem. IBM said customers should use the ServeRAID manager or other tools to determine their disk drive model and firmware. IBM said it plans to fix the problem in a firmware update "scheduled for first quarter 2009." The company did not offer further specifics on a release date. The update, when available, will be accessible as a download from IBM's System x support Web site... IBM said the warning applies to server products sold worldwide."
* http://preview.tinyurl.com/c8fy3l
Last modified: 2009-02-18


This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #1 on: March 18, 2009, 10:28:16 »
AplusWebMaster

FYI...

- http://www.us-cert.gov/current/index.html#autonomy_keyview_sdk_vulnerability
March 18, 2009 - "US-CERT is aware of reports of a vulnerability that affects the Autonomy KeyView SDK wp6sr.dll library. This library is used by certain products, including Lotus Notes and Symantec, to support the handling of Word Perfect documents. By convincing a user to open a specially crafted Word Perfect document with an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code...
• IBM Lotus Notes users should review the IBM Flash Alert and implement the listed fixes or workarounds. http://www-01.ibm.com/support/docview.wss?uid=swg21377573
• Symantec users should review Symantec Security Advisory SYM09-004 and implement the listed fixes or workarounds. http://www.symantec.com/avcenter/security/Content/2009.03.17a.html
• Registered Autonomy Users should review the related Autonomy alert (login required). https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html ..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4564
Last revised: 03/20/2009
CVSS v2 Base Score: 9.3 (HIGH)

« Last Edit: March 20, 2009, 01:39:44 by AplusWebMaster »

« Reply #2 on: March 25, 2009, 14:26:05 »
AplusWebMaster

FYI...

IBM Access Support ActiveX control stack buffer overflow
- http://www.kb.cert.org/vuls/id/340420
Date Last Updated: 2009-03-25 - "... IBM Access Support ActiveX control, which is provided by IbmEgath.dll, contains a stack buffer overflow in the GetXMLValue() method. We have confirmed that version 3.20.284.0 is vulnerable. Other versions may also contain the flaw.
... Impact: By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.
... Solution: We are currently unaware of a practical solution to this problem. Please consider the following workarounds: Disable the IBM Access Support ActiveX control in Internet Explorer.
The vulnerable ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID: {74FFE28D-2378-11D5-990C-006094235084} ..."

- http://secunia.com/advisories/34470/2/
Critical: Highly critical
Solution Status: Unpatched...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0215
Last revised: 03/25/2009
CVSS v2 Base Score: 9.3 (HIGH)...

« Last Edit: June 29, 2012, 09:10:30 by AplusWebMaster »
.
« Reply #3 on: March 26, 2009, 01:57:59 »
AplusWebMaster

FYI...

- http://preview.tinyurl.com/c8fy3l
RETAIN tip: H194623
Last modified: 2009-03-13 
"...Solution
This behavior is corrected in IBM SAS hard disk drive update program version 1.04. IBM strongly recommends applying the firmware update to prevent affected hard drives from becoming inaccessible. As always IBM recommends backing up your data before applying any hard drive firmware updates.
The file is available from the IBM Systems Support Web site..."
(Links to "IBM SAS hard drive update program v1.04" available at the URL above.)

« Reply #4 on: June 29, 2012, 09:22:13 »
AplusWebMaster

FYI...

IBM Support Assistant - multiple vulns
- https://secunia.com/advisories/49755/
Release Date: 2012-06-29
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7271 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4647 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0186 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0187 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0191 - 5.0
... for more information: https://secunia.com/SA49624/ - IBM Lotus Expeditor 6.x
Solution: Update to version 4.1.3.
Original Advisory: IBM:
http://www.ibm.com/support/docview.wss?uid=swg21599620

« Last Edit: June 29, 2012, 09:46:54 by AplusWebMaster »