Vulnerability reported in PureMessage for Unix
As a security company, keeping our customers safe is our primary responsibility. Improving protection is of course key, as is ensuring the security of our products. We achieve this through rigorous and regular testing as well as welcoming findings from independent security advisers.
The issues were reported on June 11, 2013 and were resolved with the 6.0.3 release of PureMessage for Unix on June 26, 2013.
Am I protected?
You should upgrade PureMessage for Unix to version 6.0.3. Please see:
Details of vulnerabilities
|Local File Disclosure |
|Vulnerability ID ||CVE-2006-3392 |
|Description: ||Webmin before 1.290 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files. |
|Affected product(s): ||Sophos PureMessage for Unix version 6.0.2 and earlier |
| Fixed in: ||PureMessage for Unix version 6.0.3 |
|First reported to us: ||11 June 2013 |