
RSA enVision® versions prior to 3.7 SP1 Potential security vulnerability



ESA-2010-013: RSA, The Security Division of EMC, informs about potential security vulnerability in RSA enVision® versions prior to 3.7 SP1



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RSA, The Security Division of EMC, informs about potential security
vulnerability in RSA enVision® versions prior to 3.7 SP1

Security Advisory

Updated July 30, 2010


Summary:

RSA enVision versions prior to 3.7 SP1 may contain a potential denial
of service vulnerability.

Description:

CVE Identification: CVE-2010-2634

RSA enVision versions prior to 3.7 SP1 may contain a potential security
vulnerability due to insufficient input validation. This may be
exploited by malicious people to cause denial of service on the
affected system.

Common Vulnerability Scoring System (CVSS) Base Score:

The Common Vulnerability Scoring System (CVSS) Base Score for the items
identified in this advisory is CVSS v2 Base Score: 4
(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Affected Products:

* RSA enVision versions prior to 3.7 SP1


Unaffected Products:

* RSA enVision 3.7 SP1
* RSA enVision 4.0

Recommendations:

This issue is already addressed in the following versions of enVision:

* RSA enVision 3.7 SP1 and later
* RSA enVision 4.0 and later

RSA strongly recommends that customers upgrade their deployment at the
earliest opportunity.

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare
Online at https://knowledge.rsasecurity.com and click Products in the
top navigation menu. Select the specific product whose download you
want to obtain. Scroll to the section for the product download that you
want and click on the link.

Credits:

RSA would like to thank Abdoul Karim Ganame for reporting this issue.

Common Vulnerability Scoring System (CVSS) Base Score:

The Common Vulnerability Scoring System (CVSS) Base Score for the items
identified in this advisory is 4 (AV:N/AC:L/Au:N/C:P/I:P/A:P). For more
information on CVSS scoring, please see the Knowledge Base Article,
"Security Advisories Severity Rating" at
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.

Obtaining Documentation:

To obtain RSA documentation, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com and click Products in the top
navigation menu. Select the specific product whose documentation you
want to obtain. Scroll to the section for the product version that you
want and click the set link.

Obtaining More Information:

For more information about RSA enVision, visit the RSA web site at
http://www.rsa.com/node.aspx?id=3170.

Getting Support and Service:

For customers with current maintenance contracts, contact your local RSA
Customer Support center with any additional questions regarding this RSA
SecurCare Note. For contact telephone numbers or e-mail addresses, log
on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click
Help & Contact, and then click the Contact Us - Phone tab or the
Contact Us - Email tab.

General Customer Support Information:

http://www.rsa.com/node.aspx?id=1264


RSA SecurCare Online:

https://knowledge.rsasecurity.com

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all
major versions. Please refer to the link below for additional details.
http://www.rsa.com/node.aspx?id=2575

SecurCare Online Security Advisories

RSA, The Security Division of EMC, distributes SCOL Security Advisories
in order to bring to the attention of users of the affected RSA products
important security information. RSA recommends that all users determine
the applicability of this information to their individual situations and
take appropriate action. The information set forth herein is provided
"as is" without warranty of any kind. RSA disclaims all warranties,
either express or implied, including the warranties of merchantability,
fitness for a particular purpose, title and non-infringement. In no
event shall RSA or its suppliers be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business
profits or special damages, even if RSA or its suppliers have been
advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental
damages so the foregoing limitation may not apply.

About RSA SecurCare Notes & Security Advisories Subscription

RSA SecurCare Notes & Security Advisories are targeted e-mail messages
that RSA sends you based on the RSA product family you currently use. If
you'd like to stop receiving RSA SecurCare Notes & Security Advisories,
or if you'd like to change which RSA product family Notes & Security
Advisories you currently receive, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view5. Following
the instructions on the page, remove the check mark next to the RSA
product family whose Notes & Security Advisories you no longer want to
receive. Click the Submit button to save your selection.

EMC Product Security Response Center
Security_Alert@emc.com
www.emc.com/contact-us/contact/product-security-response-center.htm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)

iEYEARECAAYFAkxYjrcACgkQtjd2rKp+ALx3sQCcCBpwzUTmGasyIcI18RugFGx0
xigAnjQCssKArKfw9OI/4M6Mb6A8m27l
=Xmud
-----END PGP SIGNATURE-----
