---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Hitachi Multiple Hibun Products Security Restriction Bypass SECUNIA ADVISORY ID: SA15863 VERIFY ADVISORY: http://secunia.com/advisories/15863/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: Hibun Advanced Information Cypher 7.x http://secunia.com/product/5314/ Hibun Advanced Information Cypher 6.x http://secunia.com/product/5313/ Hibun Advanced Edition Server 7.x http://secunia.com/product/5312/ Hibun Advanced Edition Server 6.x http://secunia.com/product/5315/ DESCRIPTION: Two security issues have been reported in various Hitachi Hibun products, which can be exploit by malicious, local users to bypass certain security restrictions. 1) An error causes PCMCIA hard disks that are attached to a system to be incorrectly treated as internal hard disks. As a result, Hibun is unable to restrict files that are copied out to the hard disks. 2) An error in the Hibun Viewer allows the user to have privileges beyond the View function when using the viewer from a client PC. See the vendor advisory for a matrix of affected versions. SOLUTION: Hibun Advanced Edition Server (versions 07-50 through 07-50-/B): Update to version 7.50/C Hibun Advanced Edition Information Cypher (versions 07-50 through 07-50-/B): Update to version 7.50/C Updates are reportedly being scheduled for the other versions. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi-support.com/security_e/vuls_e/HS05-010_e/index-e.html http://www.hitachi-support.com/security_e/vuls_e/HS05-011_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------