Knowledge ID 2055
Product : Ensim Pro for Linux
Version : 4.0.1
Topic : Hotfix

Summary
Addresses the issue "Security fix for exploit involving scheduled backup vulnerability"

Details

Product: Ensim Pro for Linux
Version: 4.0.1 (Fedora Core 1 and Red Hat Enterprise Linux 3ES)
Date: August 01, 2005
Hotfix Description: Addresses the issue: Security fix for exploit involving scheduled backup vulnerability
Overview: A site admin can gain root privileges due to a vulnerability in the scheduled backup feature. This hotfix will prevent further exploits of this vulnerability.

Download:
ftp://ftp.ensim.com/download/pro/linux/4.0.1/hotfix/rootexploit/vhbackup_be_interface
(md5sum: d89fc9fd789258e2b376620eed43dcac)

For fc1:
ftp://ftp.ensim.com/download/pro/linux/4.0.1/hotfix/rootexploit/fc1/secure.pyc
(md5sum: fe746832e5c5638b74f2813648b85d7c)
ftp://ftp.ensim.com/download/pro/linux/4.0.1/hotfix/rootexploit/fc1/vhbackup.pyc
(md5sum: 027f1ff2b3d000f411e36e7a6de63e40)

For RHEL3:
ftp://ftp.ensim.com/download/pro/linux/4.0.1/hotfix/rootexploit/rhel3/secure.pyc
(md5sum: c97c1e3bf8a1c2aa0a078db1c7e4ff6d)
ftp://ftp.ensim.com/download/pro/linux/4.0.1/hotfix/rootexploit/rhel3/vhbackup.pyc
(md5sum: f96d1c010cc6b9cbaf28b466f8b0889f)

Installation Procedure:

1) Back up /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc and /usr/lib/opcenter/vhbackup/vhbackup_be_interface

2) Download all the files for your respective OS and LWP version

3) Back up the scheduled jobs using:

   cp -a /var/VhbackupSchedules /root/VhbackupSchedules_backup

4) Run the following command to check the scheduled backups for issues and fix them:

   python secure.pyc

   Please note this command does not return any messages to the console.

   If any of your scheduled backups fail after running this command, you will need to manually reset the password for that job.

5) Replace existing vhbackup.pyc with the one downloaded from the above link

   cp vhbackup.pyc /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc

6) Replace existing vhbackup_be_interface with the one downloaded from the above link

   cp vhbackup_be_interface /usr/lib/opcenter/vhbackup/vhbackup_be_interface

7) Set permission on vhbackup.pyc to 600 and vhbackup_be_interface to 750

   chmod 600 /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc

   chmod 750 /usr/lib/opcenter/vhbackup/vhbackup_be_interface

8) Restart the control panel using:

   service webppliance restart
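
The checksum and permission checks around this procedure can be scripted; the following is an added example, not part of Ensim's hotfix, using the md5sums and file names listed above. The function names, the script name and the download-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check downloaded hotfix files against the md5sums published
# in this article before installing, then check the modes set in step 7.

# Print the published md5sum for <os> <file>; <os> is fc1 or rhel3.
expected_md5() {
    case "$1/$2" in
        fc1/vhbackup_be_interface|rhel3/vhbackup_be_interface)
            echo d89fc9fd789258e2b376620eed43dcac ;;
        fc1/secure.pyc)     echo fe746832e5c5638b74f2813648b85d7c ;;
        fc1/vhbackup.pyc)   echo 027f1ff2b3d000f411e36e7a6de63e40 ;;
        rhel3/secure.pyc)   echo c97c1e3bf8a1c2aa0a078db1c7e4ff6d ;;
        rhel3/vhbackup.pyc) echo f96d1c010cc6b9cbaf28b466f8b0889f ;;
        *) return 1 ;;
    esac
}

# Return 0 only if <file> exists and its md5sum equals <expected>.
md5_matches() {
    [ -f "$1" ] || return 1
    actual=$(md5sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Check the three files for <os> in <dir> (hypothetical download directory).
# Reports every failure; returns non-zero if any file is missing or altered.
verify_hotfix_dir() {
    os=$1 dir=$2 rc=0
    for f in vhbackup_be_interface secure.pyc vhbackup.pyc; do
        want=$(expected_md5 "$os" "$f") || { echo "unknown OS: $os" >&2; return 2; }
        if md5_matches "$dir/$f" "$want"; then
            echo "OK       $f"
        else
            echo "MISMATCH $f (do not install)" >&2
            rc=1
        fi
    done
    return $rc
}

# Return 0 if <file> has octal mode <mode> (assumes GNU stat syntax).
mode_is() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Usage: sh verify_hotfix.sh fc1|rhel3 <download-dir>
if [ "$#" -eq 2 ]; then
    verify_hotfix_dir "$1" "$2"
fi
```

Run the directory check between steps 2 and 4, and call mode_is on the two installed paths with 600 and 750 after step 7. A matching md5sum shows the download arrived intact; it is not a strong proof of origin.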

 



Last Modified: 8/1/2005 1:35:41 PM
Usage: 25
Last Used: 2/11/2008 8:32:03 AM