Educause Security Discussion mailing list archives

Blackboard security vulnerability


From: Steven M Werby/FS/VCU <smwerby () VCU EDU>
Date: Wed, 26 Aug 2009 13:59:12 -0400

My colleagues that manage Blackboard received an email from Blackboard
yesterday about a security vulnerability and Blackboard's hotfix (excerpts
below).  They contacted our rep at Blackboard to find out more about the
vulnerability and were told "I'm getting the impression that it's not that
big a deal and that it can wait...sorry they won't tell me more".

Do any of you have details about the vulnerability?  I have to wonder
whether there are exploits in the wild, despite what they said.  They
claim it was discovered internally and there are no known exploits, but
the lack of even basic details about the vulnerability and mixed messages
from the vendor make me wonder.

That said, we're moving forward with testing and deploying the updates.

In response to an internally discovered security vulnerability in
the Blackboard Classic product line, a Hotfix is now available on
Behind the Blackboard for the latest Service Pack of all fully
supported releases as well as Release 7.2 and 7.1.

SNIP

We recognize for many of our clients that this is the most
challenging time of year to receive a Hotfix; however, the timing is
solely dependent on the discovery of the vulnerability.
Blackboard did research the feasibility of creating a Hotfix for all
available releases, but we determined it would exponentially
increase development time and would also delay the release of a
Hotfix for the targeted Service Packs.  Therefore, only the last
Service Pack for each release will receive a Hotfix.
While we have no knowledge of any exploitation of this
vulnerability, Blackboard urges all institutions to immediately
apply the Hotfix.

SNIP

Because timelines for upgrading to one of these releases will vary
by institution, Blackboard will not publish detailed information on
this vulnerability to prevent any potential exploitation.

--
Steve Werby
Information Security Officer
Virginia Commonwealth University

VCU Information Security - http://infosecurity.vcu.edu/
Information Security News, Tips & More - http://www.twitter.com/vcuinfosec
Information Security Best Practices -
http://infosecurity.vcu.edu/docs/information-security-best-practices.pdf
