SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   RSA Key Manager Vendors:   EMC, RSA
RSA Key Manager Appliance Session Logout Bug Fails to Terminate Sessions
SecurityTracker Alert ID:  1026276
SecurityTracker URL:  http://securitytracker.com/id/1026276
CVE Reference:   CVE-2011-2740   (Links to External Site)
Date:  Nov 3 2011
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.7 SP1
Description:   A vulnerability was reported in RSA Key Manager Appliance. A remote authenticated user session may not terminate properly.

When using Firefox 4 and 5, an authenticated user session is not terminated properly when logging out.
Impact:   A remote authenticated user session may not terminate properly.
Solution:   The vendor has issued a fix (2.7.1.6).
Vendor URL:  www.rsa.com/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Thu, 03 Nov 2011 13:35:26 -0400
Subject:  ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1


--Boundary_(ID_d1bO1mhpYMZF+62DLVQJfw)
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT



--Boundary_(ID_d1bO1mhpYMZF+62DLVQJfw)
Content-type: text/plain; name=ESA-2011-035.txt
Content-transfer-encoding: base64
Content-disposition: attachment; filename=ESA-2011-035.txt; size=5337;
 creation-date="Thu, 03 Nov 2011 17:33:19 GMT";
 modification-date="Thu, 03 Nov 2011 17:32:48 GMT"
Content-description: ESA-2011-035.txt

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEExCgpFU0EtMjAxMS0w
MzU6IFJTQSwgVGhlIFNlY3VyaXR5IERpdmlzaW9uIG9mIEVNQywgYW5ub3VuY2VzIHRoZSByZWxl
YXNlIG9mIEhvdGZpeCA2IHdpdGggc2VjdXJpdHkgdXBkYXRlcyBmb3IgUlNBIEtleSBNYW5hZ2Vy
IEFwcGxpYW5jZSAyLjcgU2VydmljZSBQYWNrIDENCkFkdmlzb3JpZXMgDQpVcGRhdGVkIE9jdG9i
ZXIgMjgsIDIwMTEgDQoNCg0KU3VtbWFyeToNCg0KUlNBIGhhcyBkZWxpdmVyZWQgYW4gdXBkYXRl
IG9uIFJTQSBLZXkgTWFuYWdlciBBcHBsaWFuY2UgMi43IFNlcnZpY2UgUGFjazEgdGhhdCBpbmNs
dWRlcyBzZWN1cml0eSByZWxhdGVkIGNvbXBvbmVudCB1cGRhdGVzIGluY2x1ZGluZyBPcmFjbGUg
Q3JpdGljYWwgUGF0Y2ggVXBkYXRlIChDUFUpIEp1bHkgMjAxMSBhbmQgUlNBIEFjY2VzcyBNYW5h
Z2VyIFNlcnZlciwgc2VjdXJpdHkgdnVsbmVyYWJpbGl0eSBmaXgsIGhvdCBmaXggcm9sbC11cHMg
YW5kIGJ1ZyBmaXhlcy4NCg0KQXBwbGlhbmNlIHVzZXIgc2Vzc2lvbiBpcyBub3QgdGVybWluYXRl
ZCBwcm9wZXJseSBhZnRlciBsb2dvdXQgdXNpbmcgRmlyZWZveCA0IGFuZCA1IChDVkUtMjAxMS0y
NzQwKS4NCg0KUmVhZCB0aGUgY29ycmVzcG9uZGluZyBSU0EgS2V5IE1hbmFnZXIgQXBwbGlhbmNl
IDIuNy4xLjYgcmVsZWFzZSBub3RlcyBmb3IgdGhlIGRldGFpbHMgb2YgcmVzb2x2ZWQgaXNzdWVz
Lg0KDQoNCg0KQ29tbW9uIFZ1bG5lcmFiaWxpdHkgU2NvcmluZyBTeXN0ZW0gKENWU1MpIEJhc2Ug
U2NvcmU6DQoNClRoZSBDb21tb24gVnVsbmVyYWJpbGl0eSBTY29yaW5nIFN5c3RlbSAoQ1ZTUykg
QmFzZSBTY29yZSBmb3IgdGhlIGl0ZW0gaWRlbnRpZmllZCBieSBDVkUtMjAxMS0yNzQwIGluIHRo
aXMgYWR2aXNvcnkgaXM6IDYuOSAoQVY6TC9BQzpNL0F1Ok4vQzpDL0k6Qy9BOkMpLiBTZWUgT3Jh
Y2xlIEFkdmlzb3J5IGZvciB0aGUgZGV0YWlscyBvZiBDUFUgVXBkYXRlIEp1bHkgMjAxMS4gUlNB
IHJlY29tbWVuZHMgdGhhdCBhbGwgY3VzdG9tZXJzIHRha2UgaW50byBhY2NvdW50IGJvdGggdGhl
IGJhc2Ugc2NvcmUgYW5kIGFueSByZWxldmFudCB0ZW1wb3JhbCBhbmQgZW52aXJvbm1lbnRhbCBz
Y29yZXMsIHdoaWNoIG1heSBpbXBhY3QgdGhlIHBvdGVudGlhbCBzZXZlcml0eSBhc3NvY2lhdGVk
IHdpdGggYSBwYXJ0aWN1bGFyIHNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkuDQoNCg0KDQpBZmZlY3Rl
ZCBQcm9kdWN0czoNCg0KUlNBIEtleSBNYW5hZ2VyIEFwcGxpYW5jZSAyLjcgU2VydmljZSBQYWNr
IDENCg0KDQoNClVuYWZmZWN0ZWQgUHJvZHVjdHM6DQoNClJLTSBDIENsaWVudCwgYWxsIHBsYXRm
b3Jtcw0KUktNIEphdmEgQ2xpZW50LCBhbGwgcGxhdGZvcm1zDQpSS00gQyMgQ2xpZW50LCBhbGwg
cGxhdGZvcm1zDQpSS00gU2VydmVyLCBhbGwgcGxhdGZvcm1zDQpSS00gTWFpbmZyYW1lIENsaWVu
dHMNCg0KXQ0KDQoNCg0KUmVjb21tZW5kYXRpb246DQoNClJTQSBzdHJvbmdseSByZWNvbW1lbmRz
IHRoYXQgYWxsIGN1c3RvbWVycyBvbiBSS00gQXBwbGlhbmNlIDIuNyBTUDEgYXBwbHkgdGhlIDIu
Ny4xLjYgaG90Zml4LCBzaW5jZSB0aGlzIGhvdGZpeCBhZGRyZXNzZXMgc2VjdXJpdHkgcmVsYXRl
ZCBmaXhlcywgaG90IGZpeCByb2xsIHVwcywgYW5kIGJ1ZyBmaXhlcy4NCg0KDQoNCk9idGFpbmlu
ZyBEb3dubG9hZHM6DQoNClRvIG9idGFpbiB0aGUgbGF0ZXN0IFJTQSBwcm9kdWN0IGRvd25sb2Fk
cywgbG9nIG9uIHRvIFJTQSBTZWN1ckNhcmUgT25saW5lIGF0IGh0dHBzOi8va25vd2xlZGdlLnJz
YXNlY3VyaXR5LmNvbSBhbmQgY2xpY2sgUHJvZHVjdHMgaW4gdGhlIHRvcCBuYXZpZ2F0aW9uIG1l
bnUuIFNlbGVjdCB0aGUgc3BlY2lmaWMgcHJvZHVjdCB3aG9zZSBkb3dubG9hZCB5b3Ugd2FudCB0
byBvYnRhaW4uIFNjcm9sbCB0byB0aGUgc2VjdGlvbiBmb3IgdGhlIHByb2R1Y3QgZG93bmxvYWQg
dGhhdCB5b3Ugd2FudCBhbmQgY2xpY2sgb24gdGhlIGxpbmsuDQoNCg0KDQpPYnRhaW5pbmcgRG9j
dW1lbnRhdGlvbjoNCg0KVG8gb2J0YWluIFJTQSBkb2N1bWVudGF0aW9uLCBsb2cgb24gdG8gUlNB
IFNlY3VyQ2FyZSBPbmxpbmUgYXQgaHR0cHM6Ly9rbm93bGVkZ2UucnNhc2VjdXJpdHkuY29tIGFu
ZCBjbGljayBQcm9kdWN0cyBpbiB0aGUgdG9wIG5hdmlnYXRpb24gbWVudS4gU2VsZWN0IHRoZSBz
cGVjaWZpYyBwcm9kdWN0IHdob3NlIGRvY3VtZW50YXRpb24geW91IHdhbnQgdG8gb2J0YWluLiBT
Y3JvbGwgdG8gdGhlIHNlY3Rpb24gZm9yIHRoZSBwcm9kdWN0IHZlcnNpb24gdGhhdCB5b3Ugd2Fu
dCBhbmQgY2xpY2sgdGhlIHNldCBsaW5rLg0KDQoNCg0KT2J0YWluaW5nIE1vcmUgSW5mb3JtYXRp
b246DQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IFJTQSBEYXRhIFByb3RlY3Rpb24gTWFu
YWdlciwgdmlzaXQgdGhlIFJTQSB3ZWIgc2l0ZSBhdCBodHRwOi8vd3d3LnJzYS5jb20vbm9kZS5h
c3B4P2lkPTEyMDMuDQoNCg0KDQpHZXR0aW5nIFN1cHBvcnQgYW5kIFNlcnZpY2U6DQoNCkZvciBj
dXN0b21lcnMgd2l0aCBjdXJyZW50IG1haW50ZW5hbmNlIGNvbnRyYWN0cywgY29udGFjdCB5b3Vy
IGxvY2FsIFJTQSBDdXN0b21lciBTdXBwb3J0IGNlbnRlciB3aXRoIGFueSBhZGRpdGlvbmFsIHF1
ZXN0aW9ucyByZWdhcmRpbmcgdGhpcyBSU0EgU2VjdXJDYXJlIE5vdGUuIEZvciBjb250YWN0IHRl
bGVwaG9uZSBudW1iZXJzIG9yIGUtbWFpbCBhZGRyZXNzZXMsIGxvZyBvbiB0byBSU0EgU2VjdXJD
YXJlIE9ubGluZSBhdCBodHRwczovL2tub3dsZWRnZS5yc2FzZWN1cml0eS5jb20sIGNsaWNrIEhl
bHAgJiBDb250YWN0LCBhbmQgdGhlbiBjbGljayB0aGUgQ29udGFjdCBVcyAtIFBob25lIHRhYiBv
ciB0aGUgQ29udGFjdCBVcyAtIEVtYWlsIHRhYi4NCg0KDQoNCkdlbmVyYWwgQ3VzdG9tZXIgU3Vw
cG9ydCBJbmZvcm1hdGlvbjoNCg0KaHR0cDovL3d3dy5yc2EuY29tL25vZGUuYXNweD9pZD0xMjY0
DQoNCg0KDQpSU0EgU2VjdXJDYXJlIE9ubGluZToNCg0KaHR0cHM6Ly9rbm93bGVkZ2UucnNhc2Vj
dXJpdHkuY29tDQoNCg0KDQpFT1BTIFBvbGljeToNCg0KUlNBIGhhcyBhIGRlZmluZWQgRW5kIG9m
IFByaW1hcnkgU3VwcG9ydCBwb2xpY3kgYXNzb2NpYXRlZCB3aXRoIGFsbCBtYWpvciB2ZXJzaW9u
cy4gUGxlYXNlIHJlZmVyIHRvIHRoZSBsaW5rIGJlbG93IGZvciBhZGRpdGlvbmFsIGRldGFpbHMu
IA0KaHR0cDovL3d3dy5yc2EuY29tL25vZGUuYXNweD9pZD0yNTc1IA0KDQoNCg0KU2VjdXJDYXJl
IE9ubGluZSBTZWN1cml0eSBBZHZpc29yaWVzDQoNClJTQSwgVGhlIFNlY3VyaXR5IERpdmlzaW9u
IG9mIEVNQywgZGlzdHJpYnV0ZXMgU0NPTCBTZWN1cml0eSBBZHZpc29yaWVzIGluIG9yZGVyIHRv
IGJyaW5nIHRvIHRoZSBhdHRlbnRpb24gb2YgdXNlcnMgb2YgdGhlIGFmZmVjdGVkIFJTQSBwcm9k
dWN0cyBpbXBvcnRhbnQgc2VjdXJpdHkgaW5mb3JtYXRpb24uIFJTQSByZWNvbW1lbmRzIHRoYXQg
YWxsIHVzZXJzIGRldGVybWluZSB0aGUgYXBwbGljYWJpbGl0eSBvZiB0aGlzIGluZm9ybWF0aW9u
IHRvIHRoZWlyIGluZGl2aWR1YWwgc2l0dWF0aW9ucyBhbmQgdGFrZSBhcHByb3ByaWF0ZSBhY3Rp
b24uIFRoZSBpbmZvcm1hdGlvbiBzZXQgZm9ydGggaGVyZWluIGlzIHByb3ZpZGVkICJhcyBpcyIg
d2l0aG91dCB3YXJyYW50eSBvZiBhbnkga2luZC4gUlNBIGRpc2NsYWltIGFsbCB3YXJyYW50aWVz
LCBlaXRoZXIgZXhwcmVzcyBvciBpbXBsaWVkLCBpbmNsdWRpbmcgdGhlIHdhcnJhbnRpZXMgb2Yg
bWVyY2hhbnRhYmlsaXR5LCBmaXRuZXNzIGZvciBhIHBhcnRpY3VsYXIgcHVycG9zZSwgdGl0bGUg
YW5kIG5vbi1pbmZyaW5nZW1lbnQuIEluIG5vIGV2ZW50IHNoYWxsIFJTQSBvciBpdHMgc3VwcGxp
ZXJzIGJlIGxpYWJsZSBmb3IgYW55IGRhbWFnZXMgd2hhdHNvZXZlciBpbmNsdWRpbmcgZGlyZWN0
LCBpbmRpcmVjdCwgaW5jaWRlbnRhbCwgY29uc2VxdWVudGlhbCwgbG9zcyBvZiBidXNpbmVzcyBw
cm9maXRzIG9yIHNwZWNpYWwgZGFtYWdlcywgZXZlbiBpZiBSU0Egb3IgaXRzIHN1cHBsaWVycyBo
YXZlIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLiBTb21l
IHN0YXRlcyBkbyBub3QgYWxsb3cgdGhlIGV4Y2x1c2lvbiBvciBsaW1pdGF0aW9uIG9mIGxpYWJp
bGl0eSBmb3IgY29uc2VxdWVudGlhbCBvciBpbmNpZGVudGFsIGRhbWFnZXMgc28gdGhlIGZvcmVn
b2luZyBsaW1pdGF0aW9uIG1heSBub3QgYXBwbHkuDQoNCg0KDQpBYm91dCBSU0EgU2VjdXJDYXJl
IE5vdGVzICYgU2VjdXJpdHkgQWR2aXNvcmllcyBTdWJzY3JpcHRpb24NCg0KUlNBIFNlY3VyQ2Fy
ZSBOb3RlcyAmIFNlY3VyaXR5IEFkdmlzb3JpZXMgYXJlIHRhcmdldGVkIGUtbWFpbCBtZXNzYWdl
cyB0aGF0IFJTQSBzZW5kcyB5b3UgYmFzZWQgb24gdGhlIFJTQSBwcm9kdWN0IGZhbWlseSB5b3Ug
Y3VycmVudGx5IHVzZS4gSWYgeW91kmQgbGlrZSB0byBzdG9wIHJlY2VpdmluZyBSU0EgU2VjdXJD
YXJlIE5vdGVzICYgU2VjdXJpdHkgQWR2aXNvcmllcywgb3IgaWYgeW91kmQgbGlrZSB0byBjaGFu
Z2Ugd2hpY2ggUlNBIHByb2R1Y3QgZmFtaWx5IE5vdGVzICYgU2VjdXJpdHkgQWR2aXNvcmllcyB5
b3UgY3VycmVudGx5IHJlY2VpdmUsIGxvZyBvbiB0byBSU0EgU2VjdXJDYXJlIE9ubGluZSBhdCBo
dHRwczovL2tub3dsZWRnZS5yc2FzZWN1cml0eS5jb20vc2NvbGNtcy9oZWxwLmFzcHg/X3Y9dmll
dzMuIEZvbGxvd2luZyB0aGUgaW5zdHJ1Y3Rpb25zIG9uIHRoZSBwYWdlLCByZW1vdmUgdGhlIGNo
ZWNrIG1hcmsgbmV4dCB0byB0aGUgUlNBIHByb2R1Y3QgZmFtaWx5IHdob3NlIE5vdGVzICYgU2Vj
dXJpdHkgQWR2aXNvcmllcyB5b3Ugbm8gbG9uZ2VyIHdhbnQgdG8gcmVjZWl2ZS4gQ2xpY2sgdGhl
IFN1Ym1pdCBidXR0b24gdG8gc2F2ZSB5b3VyIHNlbGVjdGlvbi4NCg0KRU1DIFByb2R1Y3QgU2Vj
dXJpdHkgUmVzcG9uc2UgQ2VudGVyDQpTZWN1cml0eV9BbGVydEBFTUMuY29tDQpodHRwOi8vd3d3
LmVtYy5jb20vY29udGFjdC11cy9jb250YWN0L3Byb2R1Y3Qtc2VjdXJpdHktcmVzcG9uc2UtY2Vu
dGVyLmh0bQ0KDQoNCi0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tClZlcnNpb246IEdudVBH
IHYxLjQuOSAoQ3lnd2luKQoKaUVZRUFSRUNBQVlGQWs2eTBEc0FDZ2tRdGpkMnJLcCtBTHhGYWdD
Z2tnNHM1UjVEU2toSkZwSzBNSmRyNkRvNgplS0lBbjBIM0RGZEtnTkJFV2pHaWFWRVNTOU03V2F4
Vwo9aW5qaQotLS0tLUVORCBQR1AgU0lHTkFUVVJFLS0tLS0K

--Boundary_(ID_d1bO1mhpYMZF+62DLVQJfw)--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC