[Cache-News] Updated Security Alert - %template

[cache-ne...@intersystems.com]

March 10, 2004 - Updated Security Alert - %template

This alert contains updated instructions. If you followed the instructions
from the
March 9th alert, you will still need to follow the updated instructions below.

InterSystems has encountered a critical issue with a number of Caché
classes which
could allow an attacker to access data on a Caché server. This
vulnerability is in
classes that are not required on production systems and are only used
during development.
Removing them will have no impact on a production system.

These classes are included in all releases of Caché 5.0.

InterSystems recommends you remove them by using Terminal. Once connected
using
Terminal, enter the following commands:

zn "%cachelib"
do $system.OBJ.DeletePackage("%template", "ps")


In addition please remove all .csp files from the following directories
(if installed):

\Dev\studio\templates
\Devuser\studio\templates


of your Caché installation (default: cachesys).

InterSystems is working on a solution to remove this vulnerability from future
versions.

If you have any questions regarding this, please contact the InterSystems
Worldwide Response Center at sup...@intersystems.com.