Article ID: 115840, created on Mar 27, 2013, last review on May 11, 2014

  • Applies to:
  • Business Automation

Problem

The critical security vulnerability PBA-46481 was found in Parallels Business Automation 5.x for Linux.
This vulnerability allows a remote attacker to read files on the PBA application server.
This KB article specifies the exact steps you need to follow to protect your system.

The fix applies rewrite rules that prevent malicious URLs from being passed to the application.
The complete fix is released with the PBA 5.4.13 update.

Note: Parallels Business Automation 5.x for Windows environments are not affected.


Resolution

To install this hotfix, perform the following steps:

1. Log in to the PBA application server as the root user.

2. Change directory:
cd /usr/local/bm/tools/

3. Run the configuration script:
./configure.pl

4. Verify that the hotfix was installed. The following lines should appear in the script output (or in /usr/local/bm/log/pba_hotfixes.log):

[DATE] Downloading pba-hf115840.sh ... [DONE]
[DATE] Installing hotfix "PBA 5.4 HF 115840" ... [DONE]
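
The check in step 4 can be scripted, for example when several application servers need to be verified. The script below is an added example, not part of the vendor's hotfix or tooling: the function names are hypothetical, the sample log is constructed, and it assumes that the last bracketed token on a log line is its status and that only DONE means success.

```shell
#!/bin/sh
# Added example: confirm from the hotfix log that HF 115840 finished installing.
# The log path and line wording come from the article; the assumption here is
# that the last bracketed token on a line is its status and only DONE is success.

HOTFIX_NAME='PBA 5.4 HF 115840'
HOTFIX_SCRIPT='pba-hf115840.sh'
DEFAULT_LOG='/usr/local/bm/log/pba_hotfixes.log'

# Print the trailing [STATUS] of the most recent log line containing $2.
last_status() {
    grep -F -- "$2" "$1" 2>/dev/null | tail -n 1 |
        sed -n 's/.*\[\([^]]*\)\][[:space:]]*$/\1/p'
}

# Print INSTALLED, INCOMPLETE, NOT_FOUND or NO_LOG; return 0 only for INSTALLED.
hotfix_status() {
    log=${1:-$DEFAULT_LOG}
    if [ ! -r "$log" ]; then echo NO_LOG; return 2; fi
    dl=$(last_status "$log" "Downloading $HOTFIX_SCRIPT")
    inst=$(last_status "$log" "Installing hotfix \"$HOTFIX_NAME\"")
    if [ -z "$dl" ] && [ -z "$inst" ]; then echo NOT_FOUND; return 1; fi
    if [ "$dl" = DONE ] && [ "$inst" = DONE ]; then echo INSTALLED; return 0; fi
    echo INCOMPLETE; return 1
}

# Constructed sample log (not real output): an unrelated placeholder hotfix
# entry followed by the two lines the article tells you to look for.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[2013-03-01 09:00:00] Installing hotfix "PBA 5.4 HF 000000" ... [DONE]
[2013-03-27 10:15:02] Downloading pba-hf115840.sh ... [DONE]
[2013-03-27 10:15:09] Installing hotfix "PBA 5.4 HF 115840" ... [DONE]
EOF
echo "sample log: $(hotfix_status "$sample" || true)"
rm -f "$sample"
```

On a real server, call hotfix_status with no argument to read /usr/local/bm/log/pba_hotfixes.log; any result other than INSTALLED means the log should be reviewed by hand.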

Q&A


Q1. Will the hotfix installation cause downtime of any services?
A1. Only the Apache service will be restarted on the PBA application server during hotfix installation.

Q2. What exactly will be installed by running the configure.pl script: only the required hotfix, or something else?
A2. It is very unlikely that anything other than the required hotfix will be installed. A particular update may have other hotfixes of its own (for example, PBA 5.4.9 has hotfix KB 115304), but those should already be installed.
 
