Google has issued a patch to cover a range of security
holes in its Google Mini enterprise search appliance.
The Google Mini is a scaled down version of the higher-end
Google Search Appliance, and is sold to firms with up to about
1,000 employees or to departments within larger organisations.
Internet security researcher Metasploit Project reported several
bugs in the system that allowed remote attackers to read stored
files, take over corporate systems and conduct cross-site scripting
attacks.
Secunia, another internet security firm, described the flaws as
“highly critical”.
Flaws were discovered in a feature that allows customisation of
the Google Mini’s search interface through XSLT (Extensible
Style-sheet Language Transformations) style-sheets.
These flaws allowed hackers to launch malicious attacks. Google
said it wasn’t aware of any attacks on its customers as a result of
the flaws.
