IBM vua moi phat hanh ban cap nhat de khac phuc hai loi
bao mat da duoc phat hien tu... nam ngoai trong dong san pham Lotus Domino.
Thang 8 nam ngoai hang bao mat iDefense thong bao phat hien mot loi bao mat XSS
(cross-site scripting) ton tai trong giao dien phoi hop va gui nhan tin nhan
tren web IBM Lotus Domino Web Access danh cho may chu Lotus Domino.
"Nguyen nhan phat sinh loi bao mat nay la do loi trong qua trinh loc noi
dung cac email HTML. Cho du Web Access co gang loc HTML va ma script nhung mot
so doan ma van lot qua va dieu khien thuc thi JavaScript," iDefense cho
biet.
 De
khac phuc loi bao mat nay IBM khuyen cao nguoi dung nen nang cap len Lotus
Domino 6.5.6 va 7.0.2 Fix Pack 1.
Loi bao mat thu hai la mot loi tran bo nho dem trong phan mem IBM Lotus Domino
Server dam trach nhiem vu gui tin nhan va lap lich trinh. Neu tin tac khai thac
thanh cong loi nay chung co the tan cong tu choi dich vu hoac thuc thi ma doc
tren he thong mac loi. Loi nay duoc iDefense phat hien va thong bao hoi thang 10
nam ngoai.
Neu khai thac thanh cong loi bao mat nay tin tac co the doat duoc quyen truy cap
den mot so thong tin nhay cam tren he thong hoac ha guc may chu. Nhung de khai
thac duoc loi bao mat nay tin tac phai co quyen ket noi den dich vu LDAP,
iDefense khang dinh.
Theo eWeek, VnMedia
Article source http://w4rum.com/1108.t
| 