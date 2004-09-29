Disclosure
Release Date: 2004-09-29
Critical: Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Vendor Patch
Software: CA Common Services 3.x
CA Unicenter Network and Systems Management 3.x
CA Unicenter ServicePlus Service Desk 6.x
A security issue has been reported in Computer Associates Unicenter Common Services, which may disclose sensitive information to malicious, local users.
The problem is that the "SA" database password is stored in plain text in the following files during installation of Common Services:
* TndAddNsp.bat
* TndAddNspTmp.bat
* litestore.dat
Solution:
Apply QO58447 and follow the post-install steps provided by the vendor.
Provided and/or discovered by:
Reported by vendor.
RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities
Release Date: 2004-09-29
Critical: Highly critical
Impact: Manipulation of data
System access
Where: From remote
Solution Status: Vendor Patch
Software: Helix Player 1.x
RealOne Player v1
RealOne Player v2
RealPlayer 10
RealPlayer 8
RealPlayer Enterprise
Multiple vulnerabilities have been reported in RealOne Player, RealPlayer, and Helix Player, which can be exploited by malicious people to compromise a user's system and delete files.
1) An unspecified error when running local RM files can potentially be exploited to execute arbitrary code.
The vulnerability has been reported in:
* RealPlayer 8 / 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) / Enterprise on Windows
* RealOne Player v1, v2 on Windows
* Mac RealPlayer 10 Beta and Mac RealOne Player
* Linux RealPlayer 10 and Helix Player on Linux
2) A problem with malformed calls can be exploited to execute arbitrary code by embedding the player on a malicious website and making specially crafted calls.
The vulnerability has been reported in RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) and RealOne Player v1, v2 on Windows.
3) An unspecified error allows malicious websites and media files to delete arbitrary local files.
The vulnerability has been reported in RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) and RealOne Player v1, v2 on Windows.
Solution:
Apply updates (see the original vendor advisory).
http://secunia.com/advisories/12672/