Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0016 Multiple vulnerabilities have been identified in Trend Micro SafeSync for Enterprise (SSFE) prior to version 3.2 2 March 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Trend Micro SafeSync for Enterprise (SSFE) Operating System: Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Resolution: Patch/Upgrade Member content until: Saturday, April 1 2017 OVERVIEW Multiple vulnerabilities have been identified in Trend Micro SafeSync for Enterprise (SSFE) prior to version 3.2. [1] IMPACT Trend Micro have provided the following details regarding the vunlnerabilities: "This update resolves multiple vulnerabilities in SafeSync for Enterprise 3.2 that, if exploited, could potentially allow an attacker to trigger arbitrary SQL and remote command execution (RCE) attacks using the admin console. Due to the seriousness of these vulnerabilities, customers are highly encouraged to update to the latest build as soon as possible." [1] MITIGATION Trend Micro recommends upgrading to the latest version to address these issues. [1] REFERENCES [1] SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro SafeSync for Enterprise (SSFE) 3.2 https://success.trendmicro.com/solution/1116749 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWLdVbox+lLeg9Ub1AQisVA//QKzPRm41MT8L0PCTh+vB6TMaMBor8KVv A803DnVbMwACIc4bTLBldh3B66z0n6+jpI4SJx/c0+apVknYUsffQG310ASdl1sg +astm+9aI0Pfw+riSOWWcyuki9JjzO5qVpYDeF9YC9reZX9k4QdO4xCk0xn4MByB 3hRcWDbR2Vgi9tOz3WXh0RTuxkgyGh+/gyHotNB+cGDiJ6kKZQPz6u6WxcTyCOvN CniZeoykDFsS8Sbh4pq3zH26CdEtmL5b5byKYAIj+4RAX6tA3pkSnXObFPqXw6Y1 7DynCRRcYSdPTfoPPqvKiLRl5X5VI/1pAko6Rqtl6QysTCropUWqqfnQeCFlv6rb QNEGF933wLnZc/HW+QU8XeSX5qG6fAcMVxfsOD/V9i+cHtw87qLjHzS+mgd1VA3p Bv86M1F72/0h85SFl09JTpZRW+2fFcaZfTJK9lpZinawV/OQEBwVDKJkZBDFzRhk I+ba4/R5+UaVtaUTuDCLWNi8QfmXpWKp0lwKMZT7rB1Dk3O/2e1ppby2oMtyZ8ZI aNeDRJfFWABs6RCKZPkXyALKpN+BbcbBRsecX8IbkIh3yf2wxoLr0jYA5iLjWo24 P7+VCaQLbMP5Oc3Vv16RTr+cr+H54Lw19NrtoaluICHn9KiDdgcsVPWuLbz2XSUo tD7bDHLN0Ms= =P0YE -----END PGP SIGNATURE-----