Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

found a security hole

3 posts in General Discussion Last posting was on 2006-10-18 16:52:35.0Z
glenn brown Posted on 2006-10-15 05:51:02.0Z
Sender: 2032.45317b22.1804289383@sybase.com
From: glenn brown
Newsgroups: ianywhere.public.general
Subject: found a security hole
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <45317bd0.203d.1681692777@sybase.com>
X-Original-NNTP-Posting-Host: 10.22.241.42
X-Original-Trace: 14 Oct 2006 17:07:44 -0700, 10.22.241.42
Lines: 7
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 14 Oct 2006 22:46:55 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 14 Oct 2006 22:51:02 -0700
X-Trace: forums-1-dub 1160891462 10.22.108.75 (14 Oct 2006 22:51:02 -0700)
X-Original-Trace: 14 Oct 2006 22:51:02 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:5672
Article PK: 1686

we are running pylon 7.08 and we just found a security hole.

We have 2 users with similar names the user names are
sysmith and sysmithb. because the short name is included,
sysmith can see both her email sysmithb's email.

Glenn


Rob Waywell Posted on 2006-10-16 13:45:32.0Z
From: "Rob Waywell" <rwaywell_no_spam_please@ianywhere.com>
Newsgroups: ianywhere.public.general
References: <45317bd0.203d.1681692777@sybase.com>
Subject: Re: found a security hole
Lines: 31
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Original
X-Original-NNTP-Posting-Host: rwaywell-xp2.sybase.com
Message-ID: <45338ad7$2@forums-2-dub>
X-Original-Trace: 16 Oct 2006 06:36:23 -0700, rwaywell-xp2.sybase.com
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 16 Oct 2006 06:37:18 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 16 Oct 2006 06:45:32 -0700
X-Trace: forums-1-dub 1161006332 10.22.108.75 (16 Oct 2006 06:45:32 -0700)
X-Original-Trace: 16 Oct 2006 06:45:32 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:5674
Article PK: 1688

Please submit the reproducible case to Tech Support.

--
-----------------------------------------------
Robert Waywell
Sybase Adaptive Server Anywhere Developer - Version 8
Sybase Certified Professional

Sybase's iAnywhere Solutions

Please respond ONLY to newsgroup

EBF's and Patches: http://downloads.sybase.com
choose SQL Anywhere Studio >> change 'time frame' to all

To Submit Bug Reports:
http://case-express.sybase.com/cx/cx.stm?starturl=casemessage.ssc?CASETYPE=Bug

SQL Anywhere Studio Supported Platforms and Support Status
http://my.sybase.com/detail?id=1002288

<glenn brown> wrote in message news:45317bd0.203d.1681692777@sybase.com...
> we are running pylon 7.08 and we just found a security hole.
>
> We have 2 users with similar names the user names are
> sysmith and sysmithb. because the short name is included,
> sysmith can see both her email sysmithb's email.
>
> Glenn


"Gerald Gillespie" <ggillespie Posted on 2006-10-18 16:52:35.0Z
From: "Gerald Gillespie" <ggillespie@no_spam_today_ianywhere.com>
Newsgroups: ianywhere.public.general
References: <45317bd0.203d.1681692777@sybase.com>
Subject: Re: found a security hole
Lines: 24
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807
NNTP-Posting-Host: ggillesp-pc.sybase.com
X-Original-NNTP-Posting-Host: ggillesp-pc.sybase.com
Message-ID: <45365bd3@forums-1-dub>
Date: 18 Oct 2006 09:52:35 -0700
X-Trace: forums-1-dub 1161190355 10.25.98.105 (18 Oct 2006 09:52:35 -0700)
X-Original-Trace: 18 Oct 2006 09:52:35 -0700, ggillesp-pc.sybase.com
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:5677
Article PK: 1691

We could not reproduce this scenario in our test lab following several
combinations of authentication types and backends.

Could you please submit a free bug case via case Express at:
http://case-express.sybase.com/cx/cx.stm?starturl=casemessage.ssc?CASETYPE=Bug
or open a technical support case. Please provide explicit steps and details
of your test environment.

TIA,
--
Gerald Gillespie
iAnywhere Solutions
ggillesp@no_spam_today_ianywhere.com

<glenn brown> wrote in message news:45317bd0.203d.1681692777@sybase.com...
> we are running pylon 7.08 and we just found a security hole.
>
> We have 2 users with similar names the user names are
> sysmith and sysmithb. because the short name is included,
> sysmith can see both her email sysmithb's email.
>
> Glenn