16 September 2011
===========================================================================
AUSCERT Security Bulletin

ASB-2011.0078
Some vulnerabilities have been identified in Blackboard Learn version 9.1 and earlier
16 September 2011
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Blackboard Learn
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Reduced Security -- Unknown/Unspecified
Resolution:           Patch/Upgrade
Member content until: Friday, March 16 2012

OVERVIEW

Some vulnerabilities have been identified in Blackboard Learn version 9.1 and earlier.

IMPACT

Blackboard has been informed about a number of vulnerabilities in the Blackboard Learn platform. Blackboard is currently reviewing them and will be releasing patches for the vulnerabilities over the coming releases and updates.

The exact impact of all the vulnerabilities is not yet known, and as they have yet to be patched we will not be providing any specific details. However, due to recent media attention there may be an increased interest in these vulnerabilities.

AusCERT will continue monitoring the situation and send updates as they become available.

MITIGATION

Due to the potential increased interest in these vulnerabilities, users of Blackboard Learn should consider some of the following:

* Update to the latest version of Blackboard Learn with the latest service pack (Release 9.1 Service Pack 6).
* Ensure the cross-site scripting filter, "config.global.xss.filter" is enabled in the Blackboard configuration to help prevent cross-site scripting and some other forms of attack.
* Disable any tools and plugins that are not required.

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================
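One way to audit the second mitigation item across servers, as an added example that is not AusCERT's or Blackboard's code. It assumes the setting is stored in a Java-properties style file whose path the administrator supplies, and that the value `true` means enabled; the bulletin states neither detail, only the key name.

```python
# Added example: report whether the XSS filter key from the bulletin is
# enabled in a properties-style configuration file.
import sys

KEY = "config.global.xss.filter"  # key name as given in the bulletin
ENABLED_VALUE = "true"            # assumption: "true" means enabled


def parse_properties(text):
    """Parse key=value / key:value lines; a later definition overrides an earlier one.

    Simplified: line continuations and whitespace-only separators are not handled.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # Split at whichever of '=' or ':' comes first.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        key, value = (line, "") if idx == -1 else (line[:idx], line[idx + 1:])
        props[key.strip()] = value.strip()
    return props


def xss_filter_status(text):
    """Return 'enabled', 'disabled' or 'missing' for the XSS filter key."""
    props = parse_properties(text)
    if KEY not in props:
        return "missing"  # absent or commented out: review the default
    # Anything other than the expected value is treated as disabled so that
    # unexpected spellings get flagged for review rather than silently passed.
    return "enabled" if props[KEY].lower() == ENABLED_VALUE else "disabled"


if __name__ == "__main__":
    failures = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            status = xss_filter_status(fh.read())
        print(f"{path}: {KEY} is {status}")
        failures += status != "enabled"
    sys.exit(1 if failures else 0)
```

Run it with one or more configuration file paths as arguments; a non-zero exit status means at least one file does not have the filter enabled.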