Symantec Enterprise Vault Update for Oracle Outside In Module

Article:TECH167455  |  Created: 2011-08-18  |  Updated: 2014-11-04  |  Article URL http://www.symantec.com/docs/TECH167455
Article Type
Technical Solution

Product(s)

Subject

Issue



Symantec has released updates to the Oracle Outside In module in supported versions of the Symantec Enterprise Vault product suite. These updates address potential Denial of Service and possible remote code execution susceptibility.   An issue has been found in the Oracle Outside In libraries which Enterprise Vault uses to convert data for storage in the archive.  It has been found that if an email contains an affected attachment and passes through the Oracle converter it could execute arbitrary code.  Symantec recommends all customers download and apply the hotfixes identified below in the Solution section as soon as possible.


What is Affected
The following versions of Symantec Enterprise Vault are affected: 

  • Enterprise Vault for File System Archiving 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
  • Enterprise Vault for Lotus Domino 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
  • Enterprise Vault for Microsoft Exchange 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
  • Enterprise Vault for Microsoft SharePoint 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
  • Enterprise Vault for SMTP 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
  • Enterprise Vault API 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0  

Solution



Symantec has released updates to the Oracle Outside In module in supported versions of the Symantec Enterprise Vault product suite. These updates address potential Denial of Service and possible remote code execution susceptibility.

Enterprise Vault 10.0
Download Hotfix - http://www.symantec.com/docs/TECH168021  
 
Enterprise Vault 9.0.2
Enterprise Vault 9.0.1
Enterprise Vault 9.0
Enterprise Vault 8.0 SP5
Enterprise Vault 8.0 SP4 and Prior
If using an older versions it is recommended to immediately upgrade to one of the versions above and apply the recommended hotfix.


How to Subscribe to Email Notifications:
Subscribe to this article by clicking on the Subscribe via email link on this page to receive notification when this article is updated. 

Software Alerts:
If this TechNote was not received from the Symantec Email Notification Service as a Software Alert, please subscribe via email and/or RSS.  For more information refer to article HOWTO31128 for additional information.


Symantec Strongly Recommends the Following Best Practices:

1. Always perform a FULL backup prior to and after any changes to your environment.
2. Always make sure that the environment is running the latest version and patch level.
3. Subscribe to technical articles for updates.
 

Supplemental Materials

SourceETrack
Value2495938
Description

8.0 SP5 - Oracle Outside In Patch


SourceETrack
Value2495932
Description

9.0.2 - Oracle Outside In Patch


SourceETrack
Value2497319
Description

9.0.1 - Oracle Outside In Patch


SourceETrack
Value2495934
Description

10.0 - Oracle Outside In Patch




Article URL http://www.symantec.com/docs/TECH167455


Terms of use for this information are found in Legal Notices