Details: In WEBppliance 3.1.12 LS and all prior LS versions, and WEBppliance 3.1.11 LH and all prior LH versions; there is a buffer overflow in virthostmail. This buffer overflow could allow a non-privileged local user to gain root access. Ensim recommends that you upgrade your WEBppliance with the RPMS below to migitate this security vulnerability. We would like to thank Knud Højgaard for reporting this vulnerability.
Please download the following RPMS and refer to the installation section for installation instructions.
For WEBppliance for Linux LS 3.1.12, download these from http://download.swsoft.com/ensim/download/webppliance/linux/patches/3.1.12/errata/errata-virthostmail
WARNING: Please make sure that your WEBppliance is at version 3.1.12 before applying this security fix.
WEBppliance for Linux (LS)
NOTE: Ensure LWP 3.1.12 is installed before installing this patch
Once you have downloaded these rpms into a single directory run the following commands:
rpm -Fvh *rpm
service webppliance restart (Restart the WEBppliance service )
WEBppliance for Linux (LH)
Please download WEBppliance LH 3.1.12 suite from AppXchange and install this on your existing WEBppliance LH 3.1.11 servers. WEBppliance LH 3.1.12 suite contains the fix for this vulnerability. Refer to this URL for more details about WEBppliance LH 3.1.12