Security Updates 2016 and earlier - Reflection X Advantage

  • 7021823
  • 14-Oct-2010
  • 24-Mar-2018

Environment

Reflection X Advantage version 4.0 or higher

Situation

This technical note describes security issues related to Reflection X Advantage. If you rely on the security features of this product, you should consult this technical note on a regular basis for any updated information regarding these features.

Note: Reflection X Advantage is available as a component of multiple Reflection products; see KB 7021831 for more information.

Resolution

Other Useful Resources

Java and Reflection X Advantage

A Java Runtime Environment (JRE) is required for all Reflection X Advantage applications and services. Oracle periodically provides security updates for Java. Attachmate assesses the impact of Java security vulnerabilities on Reflection X Advantage and supplies updated installation packages as needed to provide customers with Java security fixes.

The options available to you for installing Java updates depend on which version of Reflection X Advantage you are running.

Version 5.0 or higher on Windows

Reflection X Advantage 5.0 installs a private Java by default. On Windows, this installation is accomplished using a separate Java installation package. The Java installation package runs automatically when you install using the Setup user interface and include the "Java Runtime Environment (JRE)" feature (the default). On UNIX systems, Java is included in the Reflection X Installer, not as a separate installation package.

  • Installing Updates to the Default Copy of Java (Windows only)

Attachmate provides updated Java installers as needed when a Java security vulnerability affects Reflection X Advantage. This technical note will be updated when an updated Attachmate Java installer is available. You can download the updated version and apply it independently of any updates you apply to the main Reflection installer package. For more information, see KB 7021833.

  • Installing Updates Directly from Oracle

If you prefer to update Java more frequently, you can monitor the Oracle site and install Java directly using the Oracle JDK installer (which installs the server JRE). To use this option, you need to deselect the "Java Runtime Environment (JRE)" feature in the Reflection installer and configure a Windows environment variable (RXA_JRE_HOME) to direct Reflection X Advantage to use the non-default JRE. For full functionality, you also need to apply the Java Cryptography Extension. The cryptography extension is recommended for all installations. The cryptography extension is required if you run in domain mode and/or if you enforce higher security standards by running in FIPS mode. For details, see "Changing the JRE" in the Reflection X Advantage Help (http://docs.attachmate.com/reflection/rxa/5.0/en/tshelp/rxa_change_jre.htm).

Note: If you don't install the default Java and also don't configure the RXA_JRE_HOME environment variable, Reflection X Advantage attempts to find a system JRE already installed using the Oracle installer. Relying on this option is not recommended. The default JRE installed from a browser does not include unlimited strength cryptography files and installs the client, not the server JRE.

Version 4.2 and Earlier on Windows (Included in Reflection 2011 Products)

All UNIX Installations

Prior to version 5.0, all Reflection X Advantage installations included a private copy of Java included directly in the product installer. Reflection X Advantage UNIX installers continue to install Java this way. For these products, Attachmate will update the Reflection installer with an updated version of Java as needed when a Java security vulnerability affects Reflection X Advantage. This technical note will be updated when an updated Reflection installer is available.

For more information about Java and Attachmate products, see KB 7021973.

Security Alerts and Advisories

The following security alerts and advisories may affect your product installation, or the security of your operating system or network environment. We recommend that you review these alerts and advisories.

Note: This information is non-inclusive—it does not attempt to address all security issues that may affect your system.

IMPORTANT REMINDER: The security for all of the Attachmate products using the Attachmate security features depends upon the security of the operating system, host, and network environment. We strongly recommend that you evaluate and implement all relevant security service packs, updates, and patches recommended by your operating system, host, and network manufacturers. For more information, see KB 7021969.

Alert
Multiple Oracle Java Vulnerabilities
Summary
Multiple security issues have been addressed in the latest Oracle Java update. We recommend that you keep current with Java releases.
Date Posted and Product Status
April 2016 – For Windows, an updated Attachmate installation package for Java 8 Update 71 (JDK 1.8.0_71) or higher is available from Attachmate Downloads for Reflection Desktop for X, Reflection Desktop Pro, Reflection Suite for X, and Reflection X customers. For information about How to Update Java Using the Attachmate Installation Package, see KB 7021833.
For UNIX: For information about How to Update Java used by Reflection X Advantage on UNIX Systems, see KB 7021834
.
Date Posted and Product Status
September 2015 – For UNIX, Java 7 Update 75 (JDK 1.7.0_75) is included in Reflection X Advantage 5.0 Service Pack 1 Update 1 (version 5.0.985), available from the Downloads website. If you wish to use a newer Java version on UNIX, see KB 7021834.
Date Posted and Product Status
April 2015 – For Windows, an updated Attachmate installation package for Java 7 Update 80 (JDK 1.7.0_80) or higher is available from Attachmate Downloads for Reflection X 2014, Reflection Pro 2014, Reflection X 14.x, and Reflection Suite for X 14.x customers. For information about How to Update Java Using the Attachmate Installation Package, see KB 7021833.
For UNIX: For information about How to Update Java used by Reflection X Advantage on UNIX Systems, see KB 7021834
.
Date Posted and Product Status
February 2015 – For Windows, an updated Attachmate installation package for Java 7 Update 75 (JDK 1.7.0_75) or higher is available from Attachmate Downloads for Reflection X 2014, Reflection Pro 2014, Reflection X 14.x, and Reflection Suite for X 14.x customers. For information about How to Update Java Using the Attachmate Installation Package, see KB 7021833.

For UNIX, a hotfix that includes Java 7 Update 75 (JDK 1.7.0_75) is available by contacting Attachmate Technical Support.

Date Posted and Product Status
October 2014 – For Windows, an updated Attachmate installation package for Java 7 Update 71 (JDK 1.7.0_71) or higher is available from Attachmate Downloads for Reflection X 2014, Reflection Pro 2014, Reflection X 14.x, and Reflection Suite for X 14.x customers. For information about How to Update Java Using the Attachmate Installation Package, see KB 7021833.

For UNIX: For information about How to Update Java used by Reflection X Advantage on UNIX Systems, see KB 7021834
.
Date Posted and Product Status
August 2014 – For Windows, an updated Attachmate installation package for Java 7 Update 65 (JDK 1.7.0_65) or higher is available from Attachmate Downloads for Reflection X 2014, Reflection Pro 2014, Reflection X 14.x, and Reflection Suite for X 14.x customers. For information about How to Update Java Using the Attachmate Installation Package, see KB 7021833.

For UNIX: For information about How to Update Java used by Reflection X Advantage on UNIX Systems, see KB 7021834
.
Date Posted and Product Status
May 2014 – For UNIX: Reflection X Advantage 5.0 Update 1installs Java 7 Update 55 (JDK 1.7.0_55).

For Windows, an updated Attachmate installation package for Java 7 Update 55 (JDK 1.7.0_55) or higher is available from Attachmate Downloads for Reflection X 2014, Reflection Pro 2014, Reflection X 14.x, and Reflection Suite for X 14.x customers. For information about How to Update Java Using the Attachmate Installation Package, see KB 7021833
.
Date Posted and Product Status
February 2014 – Reflection X Advantage 5.0 installs Java 7 Update 45 (JDK 1.7.0_45).
Date Posted and Product Status
August 2013 – Reflection X Advantage 4.2 Service Pack 1 installs Java 7 Update 13 (JDK 1.7.0_13).
Date Posted and Product Status
October 2012 – Reflection X Advantage 4.2 installs Java 7 Update 5 (JDK 1.7.0_05).
Additional Information
For details about the vulnerabilities fixed by Oracle, see the Oracle web site at http://www.oracle.com/technetwork/topics/security/alerts-086861.html#CriticalPatchUpdates and scroll to the Java SE Critical Patch Update table.
Alert
glibc Stack-based Buffer Overflow Vulnerability (CVE-2015-7547)
Date Posted
February 2016
Summary
The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() function is used.
Product Status
Reflection X Advantage version 5.0 and later is subject to this vulnerability when run on Red Hat or SUSE platforms if the GNU C Library (glibc) installed on the system is version 2.9 or greater.
For information on how to update your Red Hat system, see
https://access.redhat.com/security/cve/cve-2015-7547.
For information on how to update your SUSE system, see
https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1.html.
Reflection X Advantage version 5.0 and later running on AIX, HP-UX, and Solaris systems is
not vulnerable.
Reflection X Advantage versions 4.2 and earlier are
not vulnerable.
Additional Information
For vulnerability details, see:
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html.
Alert
Diffie-Hellman Logjam Vulnerabilities (CVE-2015-4000)
Date Posted
June 2015, Updated September 2015
Summary
With TLS protocol 1.2, if DHE_EXPORT ciphersuite is supported by the server, man-in-the-middle attackers can conduct cipher-downgrade attacks. Additionally, with any TLS or SSH connection that uses weaker DH Groups (1024 bits or less) for key exchange, an attacker can passively eavesdrop and decrypt sessions.
Product Status
X server connections are not vulnerable to the man-in-the-middle cipher downgrade attack, as DHE_EXPORT is not supported.

SSH client connections used to start X clients
may be vulnerable, depending on the SSH server. Although 2048-bit Group Exchange algorithm is requested by default, a vulnerable 1024-bit Group is enabled and accepted in X client definitions created with version 5.0.977 or earlier. To avoid this vulnerability:
* Disable the Group1 (1024-bit) algorithm in your X client definition (SSH > Advanced > Encryption > Key Exchange Algorithms).
* Verify your SSH server does not return a 1024-bit Group when 2048-bit Group Exchange is requested.

Beginning with Reflection X Advantage version 5.0.983, Group1 is disabled by default for new X client definitions using SSH. For Windows platforms, this version is included with Reflection 2014 hotfix installers beginning in version 15.6.1.797. Maintained customers can obtain Reflection X Advantage 5.0 Service Pack 1 Update 1 (version 9.0.985) or higher from the Downloads website.

Additional Information
For details, see the National Vulnerability Database site:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000
Alert
FreeType Library Vulnerabilities (CVE-2014-9657 and CVE-2014-9658)
Date Posted
June 2015, Updated September 2015
Summary
Functions in the FreeType library before version 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
Product Status
These issues are addressed in Reflection X Advantage version 5.0.977 and higher. For Windows platforms, this version is included with Reflection 2014 hotfix installers beginning in version 15.6.1.797. Maintained customers can obtain Reflection X Advantage 5.0 Service Pack 1 Update 1 (version 9.0.985) or higher from the Downloads website.
Additional Information
For details, see the National Vulnerability Database site:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9657
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9658

Alert
Multiple X.Org BDF Font Parser Vulnerabilities (CVE-2015-1802, CVE 2015-1803, CVE-2015-1804)
Date Posted
April 2015, Updated September 2015
Summary
The bdfReadProperties and bdfReadCharacters functions in bitmap/bdfread.c in X.Org libXfont allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted BDF font file or font properties.
Product Status
These issues are fixed in Reflection X Advantage beginning in version 5.0.974. For Windows platforms, this is version is included with Reflection 2014 hotfix installers beginning in version 15.6.1.788. Maintained customers can obtain Reflection X Advantage 5.0 Service Pack 1 Update 1 (version 9.0.985) or higher from the Downloads website.
Additional Information
For details, see the National Vulnerability Database site:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1802
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1803
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1804
Alert
Oracle Java Unspecified Vulnerability (CVE-2015-0488)
Date Posted
April 2015
Summary
An unspecified vulnerability in Oracle Java Standard Edition 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to Java Secure Socket Extension (JSSE).
Product Status
Reflection X Advantage 5.0 uses JSSE and may be affected. This issue is addressed in a Java update. Refer to the “Multiple Oracle Java Vulnerabilities” Alert.
Additional Information
For details, see the National Vulnerability Database site:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0488
Alert
Certificate Blacklist Protection Vulnerability (CVE-2014-8275)
Date Posted
April 2015
Summary
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
RSA has confirmed that this vulnerability applies to RSA Crypto-J versions prior to 6.2.

Product Status
Reflection X Advantage is not subject to this vulnerability.
Additional Information
For details, see the National Vulnerability Database: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8275.
Alert
Information leak in the XkbSetGeometry request of X servers (CVE-2015-0255)
Date Posted
February 2015
Summary
A malicious client with string lengths exceeding the [XkbGeometry] request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request.
Product Status
Reflection X Advantage is not affected by this issue.
Additional Information
For vulnerability details, see the X.Org Foundation or the National Vulnerability Database:
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0255.
Alert
OpenSSL "Heartbleed" Vulnerability CVE-2014-0160
Date Posted
April 2014
Summary
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.
Product Status
Reflection X Advantage is not affected by this issue.
Additional Information
For details and the latest information on mitigations, see the following:
US-CERT Technical Alert:
https://www.us-cert.gov/ncas/alerts/TA14-098A
CERT-CC Vulnerability Note VU#720951:
http://www.kb.cert.org/vuls/id/720951
National Vulnerability Database:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160.
Alert
RSA Security Advisory: ESA-2013-068 Crypto-J Default DRBG May Be Compromised
Date Posted
February 2014
Summary
RSA strongly recommends that customers discontinue use of the default Dual EC DRBG (deterministic random bit generator) and move to a different DRBG.
Product Status
Reflection X Advantage 5.0 is not subject to this vulnerability. Reflection X Advantage 5.0 installs version 6.1 of RSA’s Crypto-J library, but programmatically sets a different DRBG algorithm. Future Reflection X Advantage versions will ship with a Crypto-J library that is not subject to this issue.

Earlier versions of Reflection X Advantage are also
not subject to this vulnerability; they ship an older Crypto-J library, in which the default DRBG is different from the default in the newer Crypto-J library.
Additional Information
For details, see the National Vulnerability Database site at http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf.
Alert
Vulnerability Summary for CVE-2013-0422
Date Posted
January 2013
Summary
Oracle Java 7 Update 10 or earlier allows remote attackers to execute arbitrary code as exploited "in the wild" and demonstrated by exploit tools such as Blackhole and Nuclear Pack. Note: Oracle states that Java 6 is not affected.

According to Oracle, to be successfully exploited, an unsuspecting user running an affected release in a browser needs to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. These vulnerabilities are not applicable to Java running on servers or within applications.

Product Status
Reflection X Advantage is not subject to this vulnerability, however two optional methods of launching sessions rely on browser functionality provided by Java. Domain mode sessions launched using Java Web Start require that JNLP be enabled. Reflection sessions configured using the Administrative WebStation (included in Reflection Administrator, Reflection Security Gateway, and Reflection for the Web, sold separately from Reflection X Advantage) require that Reflection be launched from a browser with a Java plug-in enabled. It is the Java plug-in and Web Start that can be exploited, not Reflection X Advantage. To minimize the risk described in this vulnerability, you should refer to the latest information provided by Oracle and install a version of Java that addresses this vulnerability.
Additional Information
For details, see the National Vulnerability Database at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422 and Oracle's site at http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html.
Alert
Multiple Oracle Java Vulnerabilities in Java 7 Update 3 or earlier
Date Posted
October 2012
Summary
Multiple security issues have been addressed in Oracle Java 7 Update 3 or earlier.
Product Status
These issues are resolved in Reflection X Advantage 4.2, which installs Java 7 Update 5 (JDK 1.7.0_05).
Additional Information
For details about the vulnerabilities fixed by Oracle, see the Oracle web site at http://www.oracle.com/technetwork/topics/security/alerts-086861.html#CriticalPatchUpdates and scroll to the Java SE Critical Patch Update table.
Alert
Vulnerability Summary for CVE-2012-2118
Date Posted
June 2012
Summary
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
Product Status
Reflection X Advantage is not subject to this vulnerability.
Additional Information
For details, see the National Vulnerability Database site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2118.
Alert
Floating Point Number Vulnerability CVE-2010-4476
Date Posted
November 2011
Summary
Oracle Security Alert: "This Security Alert addresses security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number), which is a vulnerability in the Java Runtime Environment component of the Oracle Java SE and Java for Business products. This vulnerability allows unauthenticated network attacks (that is, it may be exploited over a network without the need for a username and password). Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment. Java based application and web servers are especially at risk from this vulnerability."
Product Status
This issue is resolved in Reflection X Advantage 4.0, which installs Version 6 Update 26 of the Java Runtime Environment.
Additional Information
For details see the Oracle web site at http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html, and the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476.
Alert
Vulnerability Summary for CVE-2010-3558
Date Posted
May 2011
Summary
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 may allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Product Status
Issue has been fixed when you apply Reflection 2011 R1 SP1 to Reflection X Advantage. Service Pack 1 (SP1) installs Version 6 Update 23 of the Java Runtime Environment, which resolves the issue.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3558.
Alert
US-CERT Technical Cyber Security Alert TA10-238A
Date Posted
October 2010
Summary
Due to the way Microsoft Windows loads dynamically linked libraries (DLLs), an application may load an attacker-supplied DLL instead of the legitimate one, resulting in the execution of arbitrary code.
Product Status
Reflection X Advantage is not subject to this vulnerability.
Additional Information
For details, see the US-CERT web site at http://www.us-cert.gov/cas/techalerts/TA10-238A.html.
Alert
Vulnerability Summary for CVE-2008-2362
Date Posted
October 2010
Summary
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code using a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
Product Status
Issue has been fixed in Reflection X Advantage 3.0.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2362.
Alert
Vulnerability Summary for CVE-2008-2361
Date Posted
October 2010
Summary
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
Product Status
Issue has been fixed in Reflection X Advantage 3.0.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2361.
Alert
Vulnerability Summary for CVE-2008-2360
Date Posted
October 2010
Summary
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
Product Status
Issue has been fixed in Reflection X Advantage 3.0.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2360.
Alert
Vulnerability Summary for CVE-2008-1377
Date Posted
October 2010
Summary
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code through requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Product Status
Issue does not affect Reflection X Advantage 3.0.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1377.
Alert
Vulnerability Summary for CVE-2008-0006
Date Posted
October 2010
Summary
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code using a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Product Status
Issue does not affect Reflection X Advantage 3.0.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0006.
Alert
Vulnerability Summary for CVE-2007-6429
Date Posted
October 2010
Summary
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code using (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
Product Status
Issue does not affect Reflection X Advantage 3.0.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6429.
Alert
Vulnerability Summary for CVE-2007-6428
Date Posted
October 2010
Summary
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations using a request containing a 32-bit value that is improperly used as an array index.
Product Status
Issue does not affect Reflection X Advantage 3.0.
Additional Information
For details, see the National Vulnerability Database web site at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6428.

Notice: This technical note is updated from time to time and is provided for informational purposes only. Attachmate makes no representation or warranty that the functions contained in our software products will meet your requirements or that the operation of our software products will be interruption or error free. Attachmate EXPRESSLY DISCLAIMS ALL WARRANTIES REGARDING OUR SOFTWARE INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Status

Security Alert

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 2505.