Urgent from Sybase: Afaria Data Security Manager Vulnerability.
Summary: Afaria Data Security Manager on Symbian devices contains a security vulnerability that is resolved by applying a hot-fix. This vulnerability affects Afaria 6.5 Feature Pack 1 and newer as well as Afaria 6.6 GA. Sybase strongly recommends that customers update their Afaria Servers as soon as possible. The hot-fixes are available from the Afaria support area of the Sybase website.
This document contains the following sections:
- Customer Alert
A Symbian device that is locked using Afaria Data Security Manager could be accessed without entering the security login password if a particular sequence of events occurs.
This vulnerability was introduced in Afaria 6.5 Feature Pack 1. It also exists in Afaria 6.6 GA. It affects all Symbian Series 60 3rd Edition, Feature Pack 0, 1, 2 devices and 5th Edition devices.
Customers are advised to install the patches for the appropriate Afaria product version.
Afaria 6.5: Issue was first addressed in Afaria 6.5 Hot-fix 81 (65AfariaFx81), this requires Feature Pack 2.
Afaria 6.6: Issue was first addressed in Afaria 6.6 Hot-fix 2011-01 (66Afaria_2011_01.zip)
Theses Afaria hot-fixes are obtained by selecting the product "Afaria" located on the technical support section of the Sybase Support Website http://www.sybase.com/support. It is recommended that the hot-fix release notes, which cover installation notes and a list of fixed issues, are thoroughly reviewed.
Sybase has tracked this issue under defect ID 35621 and 35772.
If you require further assistance please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.
Copyright © 2011 Sybase, Inc. All rights reserved.