Alert GCSA-12040 - Vulnerabilita' in Microsoft FAST Search Server
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12040
Data : 25 Luglio 2012
Titolo : Vulnerabilita' in Microsoft FAST Search Server 2010 per SharePoint e Microsoft SharePoint Server 2010
******************************************************************
:: Descrizione del problema
Sono state riportate vulnerabilita' multiple in Microsoft FAST Search Server
2010 per SharePoint e Microsoft SharePoint Server 2010 che potrebbero essere
sfruttate per causare attacchi DoS e compromettere un sistema che ne sia affetto.
Le vulnerabilita' sono presenti nella versione bundle delle librerie Oracle
Outside In Technology.
L'esecuzione delle vulnerabilita' richiede che FAST Search abbia l'Advanced
Filter Pack abilitato (disabilitato per default).
:: Software interessato
FAST Search Server 2010 per SharePoint
Microsoft SharePoint Server 2010
:: Impatto
DoS
Accesso al sistema
:: Soluzioni
Microsoft raccomanda di applicare il workaround:
http://technet.microsoft.com/en-us/security/advisory/2737111
:: Riferimenti
Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2737111
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3110
Secunia:
http://secunia.com/advisories/50049/
-----BEGIN PGP SIGNATURE-----
iD8DBQFQEAEowZxMk2USYEIRAkEjAJ0WmBrlmx3DC+X8gS/kzkwxkfu5mgCgyTf7
0ypZldDKRmOf2Qu2DoOrPaw=
=oL2t
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12040
Data : 25 Luglio 2012
Titolo : Vulnerabilita' in Microsoft FAST Search Server 2010 per SharePoint e Microsoft SharePoint Server 2010
******************************************************************
:: Descrizione del problema
Sono state riportate vulnerabilita' multiple in Microsoft FAST Search Server
2010 per SharePoint e Microsoft SharePoint Server 2010 che potrebbero essere
sfruttate per causare attacchi DoS e compromettere un sistema che ne sia affetto.
Le vulnerabilita' sono presenti nella versione bundle delle librerie Oracle
Outside In Technology.
L'esecuzione delle vulnerabilita' richiede che FAST Search abbia l'Advanced
Filter Pack abilitato (disabilitato per default).
:: Software interessato
FAST Search Server 2010 per SharePoint
Microsoft SharePoint Server 2010
:: Impatto
DoS
Accesso al sistema
:: Soluzioni
Microsoft raccomanda di applicare il workaround:
http://technet.microsoft.com/en-us/security/advisory/2737111
:: Riferimenti
Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2737111
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3110
Secunia:
http://secunia.com/advisories/50049/
-----BEGIN PGP SIGNATURE-----
iD8DBQFQEAEowZxMk2USYEIRAkEjAJ0WmBrlmx3DC+X8gS/kzkwxkfu5mgCgyTf7
0ypZldDKRmOf2Qu2DoOrPaw=
=oL2t
-----END PGP SIGNATURE-----