Switch to standard view 
  Sybase logo
 
 
 




Urgent from Sybase: Possible security vulnerability Pylon Anywhere

Summary: There is vulnerability in Pylon Anywhere that allows a person with knowledge of the vulnerability, and with a valid account on a Pylon Anywhere server, to access the email and PIM data of another user on the server.


Contents

This document contains the following sections:

  • Customer Alert
  • Recommendation

Customer Alert

Sybase has identified a security vulnerability in its Pylon Anywhere groupware synchronization server. The vulnerability is such that a person with knowledge of the vulnerability, and with a valid account on a Pylon Anywhere server, can access the email and PIM data of another user on the server.

No customer or user data is known to have been compromised because of this vulnerability, which was discovered in testing.

The vulnerability exists in all versions of Pylon Anywhere prior to v7.0

Solution: Install the released patch; or upgrade to a version that is not affected. The patch has no effect on the behavior of Pylon Anywhere other than to address the security vulnerability. Patches have been released for the following Pylon Anywhere versions:

  • 6.4.9
  • 6.4.8
  • 6.4.2
  • 6.3.2 (on request)
  • 6.2.1
  • 5.5.4 (on request)

Recommendation

Sybase strongly recommends that customers either install the appropriate patch; or upgrade to a version of Pylon Anywhere that is not affected by this vulnerability.

The EBFs can be obtained from the Sybase EBFs and Maintenance site.

http://downloads.sybase.com/


If you require further assistance please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.

http://www.sybase.com/contactus/support



Copyright © 2006 Sybase, Inc. All rights reserved.



Back to Top
© Copyright 2010, Sybase Inc.