Secunia Security Advisory - A vulnerability has been reported in various Attachmate products, which potentially can be exploited by malicious people to disclose sensitive information.
c2c4a29a0426ad7d3414cb7bb46aa751d6e29431bfc29a9f9f2c0698a456f7fa
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Attachmate Products SSH CBC Mode Plaintext Recovery Vulnerability
SECUNIA ADVISORY ID:
SA32833
VERIFY ADVISORY:
http://secunia.com/advisories/32833/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From local network
SOFTWARE:
WRQ Reflection for UNIX and OpenVMS 6.x
http://secunia.com/advisories/product/7519/
WRQ Reflection for Secure IT Windows Server 6.x
http://secunia.com/advisories/product/5642/
WRQ Reflection for Secure IT UNIX Server 6.x
http://secunia.com/advisories/product/8068/
WRQ Reflection 12.x
http://secunia.com/advisories/product/8231/
WRQ Reflection 11.x
http://secunia.com/advisories/product/860/
WRQ Reflection 10.x
http://secunia.com/advisories/product/7564/
Reflection X 2008
http://secunia.com/advisories/product/20563/
Reflection Standard Suite 2008
http://secunia.com/advisories/product/20562/
Reflection for UNIX and OpenVMS 2008
http://secunia.com/advisories/product/20561/
Reflection for the Web 2008
http://secunia.com/advisories/product/20564/
Reflection for Secure IT 7.x
http://secunia.com/advisories/product/19588/
Reflection for IBM 2008
http://secunia.com/advisories/product/20560/
Reflection 14.x
http://secunia.com/advisories/product/12392/
Reflection 13.x
http://secunia.com/advisories/product/12393/
myEXTRA! Enterprise 7.x
http://secunia.com/advisories/product/3448/
INFOConnect Enterprise Edition
http://secunia.com/advisories/product/2448/
EXTRA! X-treme 9.x
http://secunia.com/advisories/product/14940/
Attachmate Reflection for IBM 2007 14.x (formerly WRQ Reflection)
http://secunia.com/advisories/product/15676/
KEA! X 6.x
http://secunia.com/advisories/product/20570/
KEA! X 7.x
http://secunia.com/advisories/product/20571/
DESCRIPTION:
A vulnerability has been reported in various Attachmate products,
which potentially can be exploited by malicious people to disclose
sensitive information.
For more information:
SA32740
SOLUTION:
Switch to SSH Arcfour or Counter-mode ciphers where available.
Please see vendor advisory for detailed workaround instructions.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://support.attachmate.com/techdocs/2398.html
OTHER REFERENCES:
SA32740:
http://secunia.com/advisories/32740/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------