Urgent from Sybase: Possible security vulnerability Pylon Anywhere
Summary: There is vulnerability in Pylon Anywhere that allows a person with knowledge of the vulnerability, and with a valid account on a Pylon Anywhere server, to access the email and PIM data of another user on the server.
This document contains the following sections:
Sybase has identified a security vulnerability in its Pylon Anywhere groupware synchronization server. The vulnerability is such that a person with knowledge of the vulnerability, and with a valid account on a Pylon Anywhere server, can access the email and PIM data of another user on the server.
No customer or user data is known to have been compromised because of this vulnerability, which was discovered in testing.
The vulnerability exists in all versions of Pylon Anywhere prior to v7.0
Solution: Install the released patch; or upgrade to a version that is not affected. The patch has no effect on the behavior of Pylon Anywhere other than to address the security vulnerability. Patches have been released for the following Pylon Anywhere versions:
Sybase strongly recommends that customers either install the appropriate patch; or upgrade to a version of Pylon Anywhere that is not affected by this vulnerability.
The EBFs can be obtained from the Sybase EBFs and Maintenance site.
If you require further assistance please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.
Copyright © 2006 Sybase, Inc. All rights reserved.