Symantec Enterprise Vault Update for Oracle Outside In Module
|Article:TECH167455|||||Created: 2011-08-18|||||Updated: 2014-11-04|||||Article URL http://www.symantec.com/docs/TECH167455|
Symantec has released updates to the Oracle Outside In module in supported versions of the Symantec Enterprise Vault product suite. These updates address potential Denial of Service and possible remote code execution susceptibility. An issue has been found in the Oracle Outside In libraries which Enterprise Vault uses to convert data for storage in the archive. It has been found that if an email contains an affected attachment and passes through the Oracle converter it could execute arbitrary code. Symantec recommends all customers download and apply the hotfixes identified below in the Solution section as soon as possible.
What is Affected
The following versions of Symantec Enterprise Vault are affected:
- Enterprise Vault for File System Archiving 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
- Enterprise Vault for Lotus Domino 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
- Enterprise Vault for Microsoft Exchange 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
- Enterprise Vault for Microsoft SharePoint 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
- Enterprise Vault for SMTP 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
- Enterprise Vault API 6.x, 7.x, 2007.x, 8.x, 9.x, and 10.0
How to Subscribe to Email Notifications:
Symantec Strongly Recommends the Following Best Practices:
1. Always perform a FULL backup prior to and after any changes to your environment.
2. Always make sure that the environment is running the latest version and patch level.
3. Subscribe to technical articles for updates.
8.0 SP5 - Oracle Outside In Patch
9.0.2 - Oracle Outside In Patch
9.0.1 - Oracle Outside In Patch
10.0 - Oracle Outside In Patch
Article URL http://www.symantec.com/docs/TECH167455