Two vulnerabilities have been detected in the management interface of the affected products. The vulnerabilities are listed under CVE-2012-2955 and CVE-2012-2202. An update has been created by IBM Security Systems that addresses the vulnerabilities.
The vulnerabilities are:
- CVE-2012-2202: An "Arbitrary File Read" which allows access to files the web server process has authorization to read.
Both attacks are post-authentication and require the attacker to have valid login credentials for the admin UI. The end user interface is not affected by these vulnerabilities.
Resolving the Issue:
An update has been created by IBM Security Systems that addresses the vulnerabilities.
Depending on the firmware your system is running, there are several ways to proceed.
Firmware 2.8 or newer:
- If you have enabled automatic System Package Updates, no further action is necessary. The system will download and install the update automatically.
- If you do manual System Package Updates:
  - Log in to the Management Console
  - Go to "Updates" -> "Updates & Licensing"
  - Install all pending System Package Updates
- The update must be installed manually:
  - SSH to the system (log in as 'root')
  - Run "wget http://upload.cobion.com/download/pnmss/repotools-1.1.3-16059.i586.rpm"
  - Run "rpm -ihv --nodeps repotools-1.1.3-16059.i586.rpm"
| Security | Proventia Network Mail Security System | Firmware | 2.5, 2.5.1, 2.6, 18.104.22.168, 2.8 | All Editions |