Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VULNERABILITIES - October 25, 2005

by Donna Buenaventura Oct 24, 2005 6:37PM PDT

Symantec Product Advisory: SYM05-022
Symantec Discovery Web Accounts Null Password

Risk Impact: Medium
Affected Product(s):
ON Command Discovery Standard Edition 4.5.x
ON Command Discovery Web Edition 4.5.x
Symantec Discovery 6.0

Not Affected Product(s):
Version of Symantec Discovery installed without the web application

Details
Symantec engineers have identified that during installation of Symantec Discovery, two database accounts, DiscoveryWeb and DiscoveryRO, are created with null passwords. Assigning a password to the DiscoveryWeb account will disable Symantec Discovery in its current configuration.

Symantec Response
A patch has been created to allow the DiscoveryWeb database account to be password protected. The DiscoveryRO account is only used in conjunction with the heat interface. It is recommended that this database account be removed unless used in conjunction with the heat interface. Scripts are also available for removing or adding the DiscoveryRO.

The patch and installation instructions are available from the Symantec website.

For ON Command Discovery Standard Edition:
http://www.symantec.com/techsupp/enterprise/products/oncmd/cmd_dis_std_45x/files.html

For ON Command Discovery Web Edition:
http://www.symantec.com/techsupp/enterprise/products/oncmd/cmd_dis_web_45x/files.html

For Symantec Discovery 6.0:
http://www.symantec.com/techsupp/enterprise/products/sdis/sdis_6x/files.html

Symantec is not aware of any active attempts against or organizations impacted by this issue.

Discussion is locked

1 Posts

- Collapse + Expand Details

- Collapse -

Skype Multiple Buffer Overflow Vulnerabilities

by Donna Buenaventura Oct 25, 2005 2:02AM PDT

Some vulnerabilities have been reported in Skype, which can be exploited by malicious people to cause a DoS or to compromise a user's system.

Affected Software:
Skype for Linux 0.x
Skype for Linux 1.x
Skype for Mac OS X 0.x
Skype for Mac OS X 1.x
Skype for Pocket PC 1.x
Skype for Windows 1.x

Solution:
Update to the fixed version.
http://www.skype.com/download/

http://secunia.com/advisories/17305/