[Cache-News] Security Alert Correction
27 views
Skip to first unread message
cache-ne...@intersystems.com
Mar 5, 2004, 11:18:56 AM3/5/04
to x...@info2.kinich.com
This announcement has corrected information.
The second option has been corrected to read
2. From Terminal, enter the following commands:
zn "%cachelib"
do $system.OBJ.Delete("%XML.Utils.SchemaServer")
The complete and corrected security alert is listed below.
InterSystems has encountered a critical issue with a Cache' class which
could allow an attacker to access any file on a Cache' Server. This
vulnerability is in a class which is not required on production systems.
This class is included in all releases of Cache' 5.0.
InterSystems recommends that this class be removed using one of the
following methods:
1. From Explorer
select "Namespaces-->%CACHELIB-->Classes"
Right-click on "%XML.Utils.SchemaServer"
select "Delete"
or
2. From Terminal, enter the following commands:
zn "%cachelib"
do $system.OBJ.Delete("%XML.Utils.SchemaServer")
InterSystems is working on a solution to remove this vulnerability from
future versions.
The second option has been corrected to read
2. From Terminal, enter the following commands:
zn "%cachelib"
do $system.OBJ.Delete("%XML.Utils.SchemaServer")
The complete and corrected security alert is listed below.
InterSystems has encountered a critical issue with a Cache' class which
could allow an attacker to access any file on a Cache' Server. This
vulnerability is in a class which is not required on production systems.
This class is included in all releases of Cache' 5.0.
InterSystems recommends that this class be removed using one of the
following methods:
1. From Explorer
select "Namespaces-->%CACHELIB-->Classes"
Right-click on "%XML.Utils.SchemaServer"
select "Delete"
or
2. From Terminal, enter the following commands:
zn "%cachelib"
do $system.OBJ.Delete("%XML.Utils.SchemaServer")
InterSystems is working on a solution to remove this vulnerability from
future versions.
Reply all
Reply to author
Forward
0 new messages