Urgent from Sybase: OneBridge Vulnerability.
Summary: OneBridge Server and DMZ Proxy contain a security vulnerability that is resolved by disabling the iMailGateway service. This vulnerability affects OneBridge 5.5 (5.5.2008.0312) and 5.6 (5.6.2008.0312) and newer. Sybase strongly recommends that customers disable iMailGateway as soon as possible.
This document contains the following sections:
- Customer Alert
The OneBridge Server and DMZ Proxy have a security vulnerability due to the iMailGateway service.
This vulnerability was introduced in OneBridge 5.5 (5.5.2008.0312) and 5.6 (5.6.2008.0312) and all later versions.
Sybase is making this announcement proactively. This issues was reported to us by TippingPoint’s Zero Day Initiative (credit to Luigi Auriemma). There have been no reported exploits of this vulnerability, and to date it has not been reported by a Sybase customer. Sybase, Inc. appreciates the efforts of TippingPoint’s Zero Day Initiative to continually strengthen software throughout the industry by monitoring and testing.
The following procedure is to be completed on the OneBridge Server and DMZ Proxy:
The OneBridge Internet Mail Gateway is the service being used to route the iPhone traffic on ports 993 (IMAP) and 587 (SMTP). There are two options available to the customer to disable this service (Both options do essentially the same thing and disable the service).
- Disable and stop the "OneBridge Internet Mail Gateway" from the Services MMC.
- Launch and execute the OneBridge Service application and navigate to the Internet Mail Gateway settings page. While on this page remove the check from the "Enable Internet Mail Gateway" setting. Continue to the end of the wizard and select Finish.
If you require further assistance please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.
Copyright © 2011 Sybase, Inc. All rights reserved.