Urgent from Sybase: Possible security vulnerabilities in M-Business Anywhere 6.7 and 7.0.
Summary: M-Business Anywhere server contains two potential security vulnerabilities. The vulnerabilities affect M-Business Anywhere server 6.7 (earlier than Windows Build255, SunOS Build257, Linux Build256) and 7.0 (earlier than Windows Build669, SunOS Build670, Linux Build671). Sybase strongly recommends that customers upgrade to the latest M-Business Anywhere server as soon as possible.
Contents
This document contains the following sections:
- Customer Alert
- Recommendation
Customer Alert
These vulnerabilities affect M-Business Anywhere server 6.7 (earlier than Windows Build255, SunOS Build257, Linux Build256) and 7.0 (earlier than Windows Build669, SunOS Build670, Linux Build671) and all earlier versions. These vulnerabilities affect all installations of the affected versions. It is not possible to work around these issues. These vulnerabilities have the potential to allow unauthorized users to have elevated access rights.
Recommendations
Customers are advised to install the latest M-Business Anywhere server with patches.
Fixed Versions
Versions of M-Business Anywhere from 6.7 ESD# 3, and 7.0 ESD# 7 contain the fixes to correct the issues.
Tracking
Sybase is tracking these issues under Bug ID# 678497, 678499.
These Bug IDs are fixed in the following EBFs.
| Platform |
6.7 |
7.0 |
| EBF# (ESD# 3) |
EBF# (ESD# 7) |
| Windows (x86) 32-bit |
19438 |
19435 |
| Sun Solaris (x86) 32-bit |
19439 |
N/A |
| Sun Solaris (x86) 64-bit |
N/A |
19437 |
| Linux (x86) 32-bit |
19440 |
19436 |
Downloads
EBFs are obtained from the Sybase EBFs and Maintenance site.
http://downloads.sybase.com/
Follow the instructions in the EBF cover letter to install the EBF.
If you require further assistance please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.
http://www.sybase.com/contactus/support
Copyright © 2011 Sybase, Inc. All rights reserved.
