3 Replies Latest reply on Jun 23, 2009 7:04 AM by rsprim

Orion NPM v9.5 Vulnerability

rsprim Jun 15, 2009 7:57 AM

We are running security scans of the Orion NPM v9.5 software utilizing Retina and have found the following vulnerability with the software.

http://secunia.com/advisories/32609/

Solution:
The vulnerability is fixed in version 8.0.20081.142 of the ActiveX control.

We were hoping that SP1 resolved this vulnerability but it didn't. The solution is to upgrade to version 8.0.20081.142 of the ActiveX control. We can not release the upgrade to our sites until this is resolved. SolarWinds - Can you provide an update to this Active X component or provide a workaround to upgrade the component so we can clear the security scans? Thanks!

Robert

Re: Orion NPM v9.5 Vulnerability

Karlo.Zatylny Jun 19, 2009 4:05 PM (in response to rsprim)

Hi,

We have done some analysis about this vulnerability and since this control is no longer required by Orion NPM 9.5, you can unregister this component with "regsvr32 /u c1sizerppg.dll" and then remove clsizerppg.dll from Program Files/Common Files/Solarwinds.

Please let us know if this works for you.

Thanks
Like (0)

Actions
- Re: Orion NPM v9.5 Vulnerability
  
  Karlo.Zatylny Jun 22, 2009 1:23 PM (in response to Karlo.Zatylny)
  
  As an addendum to my answer. Engineer's Toolset does use this control but will stop using it in the 10.2 release. So if you have Toolset installed on this same box, that might be why you are seeing this control.
  So once 10.2 is released and you have successfully upgraded, we believe this vulnerability should go away.
  Thanks
  
  Like (0)
  
  Actions
  - Re: Orion NPM v9.5 Vulnerability
    
    rsprim Jun 23, 2009 7:04 AM (in response to Karlo.Zatylny)
    
    Karlo,
    Thanks for looking into this for us. When do you expect 10.2 to be released? I'm also interested in SP2 for Orion if you happen to know a timeframe for that release as well. Thanks!
    Robert
    
    Like (0)
    
    Actions

Go to original post