Article ID: 2370, created on Oct 29, 2007, last review on May 1, 2014

  • Applies to:
  • Pro Control Panel Linux

Additional Information

View Knowledge
Knowledge ID 1125
Product : WEBppliance for Linux
Version : 3.5.17
Topic : Notification

Title
Security Fix : WEBppliance Pro 3.5.17 (LS)

Summary
Security Fix : WEBppliance Pro 3.5.17 (LS)

Prevention


Details
Solution:

WEBppliance Pro for Linux 3.5.17 : 

WEBppliance Pro for Linux 3.5.17 is a Security Patch which resolves the following vulnerabilities : 

  • Transparent session ID support exposes PHP to cross-site-scripting attacks.

  • Users unable to connect to virtual domains using the SSH service after upgrading to the latest version of SSH.

Compatibility :

You can install WEBppliance Pro for Linux 3.5.17 on WEBppliance Pro for Linux 3.5.16 ONLY.

Resolved Issues : 

  1. Transparent session ID support exposes PHP to cross-site-scripting attacks. 

    PHP supports "transparent session IDs", a feature that automatically embeds session IDs in the URLs of a web page. However, PHP does not validate these session IDs, and the value can be manipulated through the PHPSESSID URL parameter. This exposes PHP to cross-site scripting attacks.

    Advisory details for the security patch are available at the following URL: 


    http://shh.thathost.com/secadv/2003-05-11-php.txt
     

    WEBppliance Pro 3.5.17 includes a security patch to fix this vulnerability.

  2. Users unable to connect to virtual domains using the SSH service after upgrading to the latest version of SSH


    After upgrading to the latest version of SSH (openssh-3.1p1-8), users are unable to connect successfully to virtual domains using the SSH service. A change in the authentication mechanism of the latest version of SSH causes the SSH connection to fail.

    WEBppliance Pro 3.5.17 resolves this issue, enabling successful SSH connections to virtual domains.
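
For resolved issue 1, the following added example (not part of the original article or of the vendor's patch) reports whether a php.ini file enables the transparent session ID feature or lets PHPSESSID be taken from the URL. The function names and the sample ini content are constructed for illustration; `session.use_trans_sid` and `session.use_only_cookies` are standard PHP directives.

```shell
#!/bin/sh
# Added example: report php.ini settings tied to transparent session IDs.

# Print the effective (last) value of DIRECTIVE in FILE, lowercased; empty if unset.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)          # trailing comment
            n = index(line, "=")
            if (n == 0) next                     # section header or blank
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # trim spaces and quotes
            if (k == key) val = tolower(v)       # directive names are case-sensitive
        }
        END { print val }
    ' "$1"
}

is_on() { case "$1" in 1|on|true|yes) return 0 ;; *) return 1 ;; esac; }

# Returns 0 when session IDs are cookie-only, 1 when a finding is printed.
audit_php_session_ini() {
    rc=0
    trans=$(ini_value "$1" session.use_trans_sid)
    only=$(ini_value "$1" session.use_only_cookies)
    if is_on "$trans"; then
        echo "RISK: session.use_trans_sid=$trans (session IDs embedded in URLs)"
        rc=1
    fi
    # Assumption: an unset value is reported too, because the default for
    # session.use_only_cookies differs between PHP versions.
    if ! is_on "$only"; then
        echo "CHECK: session.use_only_cookies=${only:-unset} (PHPSESSID may be read from the URL)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: session IDs are cookie-only"
    return "$rc"
}

# Constructed sample input (not taken from a real server).
write_sample_ini() {
    printf '%s\n' '[Session]' '; session.use_trans_sid = 0' \
        'session.use_trans_sid = On ; enabled by an old template' \
        'session.use_only_cookies = 0' > "$1"
}

# Audit the file given as the first argument, if any.
if [ -n "${1:-}" ]; then audit_php_session_ini "$1"; fi
```

Run it with the path to the php.ini in use on the server; a non-zero exit status means at least one finding was printed.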

Installation instructions 

To install the patch, please follow the instructions below:


FTP Download Location :
http://download.swsoft.com/ensim/download/webppliance/linux/Pro/3.5.17/ 


1. Download the file LS-3.5.17-2.tar.gz

2. Uncompress the file:
    tar -xvzf LS-3.5.17-2.tar.gz

3. Change the current directory to the directory where you have uncompressed the file:
    cd LS-3.5.17-2

4. Run the following command:
    # sh ./patch-install-3.5.17-2.sh

The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access).

This install script will restart webppliance services automatically.


Last ModifiedUsageSatisfiedLast Used
8/20/2004 12:58:50 PM10 10/11/2007 6:11:29 AM
