• Home
• Products
• Services
• Customer Area
• Search Contact Us
• About Us
•  

• Amlib
• Amlib NetOpacs Security Patch for Amlib v5.1 and Amlib v5.2 (24/03/2011)
• NetOpacs 5.2.1 (Patch Release to NetOpacs 5.2) Now Available

Amlib NetOpacs Security Patch for Amlib 5.1 and Amlib 5.2

We would to advise you that a remote security vulnerability has been discovered in Amlib NetOpacs v5.x. This vulnerability allows malicious files to be written to the server. OCLC has a patch that closes this avenue of attack.

This vulnerability was reported in Amlib NetOpacs version 5.x, which could be exploited by malicious people trying  to compromise a vulnerable system. The vulnerability was caused due to a boundary error in webquery.dll when processing web requests. This could be exploited to cause a stack-based buffer overflow via an overly-long string which may allow execution of arbitrary code.

• Refer to: Secunia Advisory SA40890: https://secunia.com/advisories/40890/

While there were no reports of this vulnerability being exploited, The OCLC Information Security Team worked with our Amlib developers to ensure that this vulnerability, and others like it, were fully remediated. We periodically conduct security vulnerability scans on Amlib; the last was completed December 2010. Our code fixes will be incorporated in the next release Amlib, AmlibNet and Amlib NetOpac, which will be Amlib v5.3. We are taking additional measures to complete a security audit of Amlib v5.3, including code review by the OCLC Information Security Team. Our goal is to continue to improve the security of the Amlib product.

Details are provided here for applying the security patch to either Amlib 5.1 or Amlib 5.2.  Please download the patch and instructions corresponding to the version of Amlib which your library is currently using.

Amlib NetOpacs Software and Documentation

The necessary documentation and software is available from the ‘Downloads and Software Updates’ area of our Amlib Content Portal at:

• http://122.100.4.10/ContentPortal/docs/~F1006 using your Content Portal login:

• Don't know your Content Portal login details? - Contact Amlib Support

To patch your Amlib 5.1 Server, download the patch and following the instructions in the Netopacs 5.1 Security Patch document:

• V5.1 Patch: NetOpacs51SecurityPatch.exe
• http://122.100.4.10/ContentPortal/docs/~D11154
• Instructions for applying Amlib v5.1 patch: NetOpacs 5.1 Security Patch
• http://122.100.4.10/ContentPortal/docs/~D11129

To patch your Amlib 5.2 Server, download the patch and following the instructions in the Netopacs 5.2 Security Patch document:

• v5.2 Patch: NetOpacs52SecurityPatch.exe
• http://122.100.4.10/ContentPortal/docs/~D11153
• Instructions for applying Amlib v5.2 patch: NetOpacs 5.2 Security Patch
• http://122.100.4.10/ContentPortal/docs/~D11131

NetOpacs Product Serial Numbers

Reminder: you will need to have the Amlib NetOpacs 5.2 product serial numbers to apply this patch. If you do not already have this serial number you will need to request it in writing from Amlib Support, which you may do by either logging a new support incident via our Online Support Helpdesk:

• https://servicedesk.oclc.org/tas/public/index.jsp

or email your request to:

• support-amlib@oclc.org

Further Questions

Should you have any questions, need additional details, or assistance in understanding what this means for your institution or your collection please contact Support at 1300 260 795 (local call cost within Australia) or +61 8 6104 7200, or e-mail support-amlib@oclc.org (Hours: Monday - Friday, 7 a.m. – 5.00 p.m. [Australia Western Standard Time]

© 2011 OCLC (UK) Limited / WorldCat