---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Reflection for Secure IT Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31531 VERIFY ADVISORY: http://secunia.com/advisories/31531/ CRITICAL: Moderately critical IMPACT: Unknown, Security Bypass, Exposure of sensitive information, DoS WHERE: >From remote SOFTWARE: Reflection for Secure IT 7.x http://secunia.com/product/19588/ DESCRIPTION: Attachmate has reported some vulnerabilities in Reflection for Secure IT, where some have unknown impacts and others can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service). 1) Some vulnerabilities in OpenSSL can be exploited by malicious people to cause a DoS. For more information: SA22130 2) The problem is caused due to an error in the RSA implementation and can be exploited to disclose private keys via side-channel attacks. 3) A weakness and a vulnerability in OpenSSH can be exploited by malicious, local users to bypass certain security restrictions or disclose sensitive information. For more information: SA29522 SA29602 4) Some vulnerabilities are caused due to unspecified errors. No further information is currently available. The vulnerabilities are reported in Reflection for Secure IT UNIX Client and Server version 7.0. SOLUTION: Update to Secure IT UNIX Client and Server 7.0 Service Pack 1 (SP1). PROVIDED AND/OR DISCOVERED BY: 4) Reported by the vendor. ORIGINAL ADVISORY: http://support.attachmate.com/techdocs/2374.html OTHER REFERENCES: SA22130: http://secunia.com/advisories/22130/ SA29522: http://secunia.com/advisories/29522/ SA29602: http://secunia.com/advisories/29602/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------