Some other things to consider: - allowing back ticks in run process commands - run process directory and access - sql injection - relative security of data on the wire (no/weak/strong encryption) - web: xss vulnerabilities - form/field/active link permissions - server hardening - network architecture for related components - protocol implementation (malformed packets causing DoS, etc.); they do exist
Patch is probably the incorrect term, you are probably looking to properly configure the system. Only BMC can provide patches, usually in the form of a stripped binary. Axton Grams On 7/20/07, Marc Simmons <[EMAIL PROTECTED]> wrote:
** Hi List, Does anyone know of a white paper that details the security risks with Remedy (ie arcache, arreload, encryption) etc and how to "patch" those holes. I know that there are bits and pieces of information in the admin/config guides etc. I was just hoping that there would be a doc that consolidated all of that information. Thanks -- Marc Simmons Remedy Administrator "Everyday above ground is a good day... the rest is a choice!" __20060125_______________________This posting was submitted with HTML in it___
_______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
