DarkFiber Consulting – IT Managed Services

Veritas NetBackup Server/Enterprise Server Vulnerabilities

September 25th, 2008 . by DarkFiber Consulting

Symantec has released a Security Advisory to address multiple vulnerabilities in the Veritas NetBackup Server/Enterprise Server. These vulnerabilities are due to stack-based buffer overflow conditions and unsafe method calls within an ActiveX control that is part of the scheduler component. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.

DarkFiber Consulting encourages users to review the Symantec Security Advisory and apply any necessary updates to help mitigate the risks.

VMware Releases Security Advisory VMSA-0008-0015

September 19th, 2008 . by DarkFiber Consulting

VMware has released a Security Advisory indicating it has updated the ESXi and ESX 3.5 packages to address a vulnerability in “openwsman”. This vulnerability is due to several buffer overflow conditions in the handling of HTTP basic authentication headers. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the host running ESXi or ESX.

DarkFiber Consulting encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.

Novell Releases Update for iPrint Vulnerability

September 4th, 2008 . by DarkFiber Consulting

Novell has released an update to address multiple vulnerabilities in iPrint. These vulnerabilities are due to the following:

  • multiple buffer overflow conditions within the Novell iPrint ActiveX control (ienipp.ocx)
  • multiple buffer overflow conditions within nipplib.dll
  • an insecure “GetFileList()” method

Exploitation of this vulnerability may allow an attacker to execute arbitrary code or obtain sensitive information.

DarkFiber Consulting encourages users to review Novell documents 5034540 and 5034560 and apply any necessary updates.