Urgent from Sybase: Possible security vulnerabilities in M-Business Anywhere 6.7 and 7.0.
Summary: M-Business Anywhere server contains a number of potential security vulnerabilities. The vulnerabilities affects M-Business Anywhere server 6.7 (Windows Build249.18612, SunOS Build250.18613, Linux Build251.18614) and 7.0 (Windows Build661.18594, SunOS Build664.18596, Linux Build663.18595). Sybase strongly recommends that customers upgrade to the latest M-Business Anywhere server as soon as possible.
This document contains the following sections:
- Customer Alert
M-Business Anywhere sync server and soap server have a number of potential security issues. These issues were reported to us by The Zero Day Initiative (ZDI), founded by TippingPoint. There have been no reported exploits of this vulnerability, and to date it has not been reported by a Sybase customer. Sybase, Inc. appreciates the efforts of ZDI to continually strengthen software throughout the industry by monitoring and testing.
These vulnerabilities affects M-Business Anywhere server 6.7 (Windows Build249.18612, SunOS Build250.18613, Linux Build251.18614) and 7.0 (Windows Build661.18594, SunOS Build664.18596, Linux Build663.18595) and all later versions.
Customers are advised to install the latest M-Business Anywhere server with patches.
Versions of M-Business Anywhere from 6.7 ESD# 2, and 7.0 ESD# 6 contain the fixes to correct the issues.
Sybase is tracking these issues under Bug ID# 656731, 656733, 666472.
These Bug IDs are fixed in the following EBFs.
|EBF# (ESD# 2)
||EBF# (ESD# 6)
|Windows (x86) 32-bit
|Sun Solaris (x86) 32-bit
|Sun Solaris (x86) 64-bit
|Linux (x86) 32-bit
EBFs are obtained from the Sybase EBFs and Maintenance site.
Follow the instructions in the EBF cover letter to install the EBF.
If you require further assistance please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.
Copyright © 2011 Sybase, Inc. All rights reserved.