Article ID: 2743, created on Oct 29, 2007, last review on Apr 18, 2012

  • Applies to:
  • Pro Control Panel Linux

Additional Information

Knowledge ID 2057
Product : Ensim Pro for Linux
Version : 4.0.3
Topic : Hotfix

Title
Hotfix : Security fix for exploit involving scheduled backup vulnerability

Summary
Addresses the issue "Security fix for exploit involving scheduled backup vulnerability"

Prevention


Details

Product: Ensim Pro for Linux
Version: 4.0.3 (Fedora Core 1 and Red Hat Enterprise Linux 3ES)
Date: August 01, 2005
Hotfix Description: Addresses the issue:
Security fix for exploit involving scheduled backup vulnerability
Overview: A site admin can gain root privileges due to a vulnerability in the scheduled backup feature. This hotfix will prevent further exploits of this vulnerability.
 
Download:
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/vhbackup_be_interface
(md5sum: d89fc9fd789258e2b376620eed43dcac )

For fc1:
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc1/secure.pyc
(md5sum: fe746832e5c5638b74f2813648b85d7c )
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc1/vhbackup.pyc
(md5sum: a564ed12995fadb297a006bf63fcc8a0 )

For fc2:
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc2/secure.pyc
(md5sum: 8fedf02b1186506872e0d9d1dd9c8b03 )
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc2/vhbackup.pyc
(md5sum: eb18e195bffa00e5b8d440fba27f273b )

For RHEL3:
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/rhel3/secure.pyc
(md5sum: c97c1e3bf8a1c2aa0a078db1c7e4ff6d )
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/rhel3/vhbackup.pyc
(md5sum: c9ac112a0ec50b64273e3474ca58d464 )

Installation Procedure:

1) Back up /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc and /usr/lib/opcenter/vhbackup/vhbackup_be_interface.
2) Download all the files for your respective OS and LWP version.
3) Back up the scheduled jobs using:
cp -a /var/VhbackupSchedules /root/VhbackupSchedules_backup
4) Run the following command to check for scheduled backup issues and fix them:
python secure.pyc
Please note that this command does not return any messages to the console.
If any of your scheduled backups fail after running this command, you will need to manually reset the password for that job.
5) Replace the existing vhbackup.pyc with the one downloaded from the above link:
cp vhbackup.pyc /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc
6) Replace the existing vhbackup_be_interface with the one downloaded from the above link:
cp vhbackup_be_interface /usr/lib/opcenter/vhbackup/vhbackup_be_interface
7) Set the permissions on vhbackup.pyc to 600 and on vhbackup_be_interface to 750:
chmod 600 /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc
chmod 750 /usr/lib/opcenter/vhbackup/vhbackup_be_interface
8) Restart the control panel using:

service webppliance restart
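
The script below is an added example, not part of the vendor hotfix: it gates steps 5 to 7 on the md5sums published above, so a corrupted or wrong-platform download is never copied over the installed files. PREFIX, BACKUP_DIR and the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example: checksum-gated install of the hotfix files (not vendor code).
# Checksums are the ones published in this article; PREFIX and BACKUP_DIR are
# assumptions so the logic can be exercised outside a live server.
PREFIX="${PREFIX:-}"                      # empty = real filesystem root
BACKUP_DIR="${BACKUP_DIR:-/root/hotfix_2057_backup}"

# Print the published md5 for a file name on a platform (fc1|fc2|rhel3).
expected_md5() {       # expected_md5 PLATFORM FILENAME
    case "$1/$2" in
        */vhbackup_be_interface) echo d89fc9fd789258e2b376620eed43dcac ;;
        fc1/secure.pyc)     echo fe746832e5c5638b74f2813648b85d7c ;;
        fc1/vhbackup.pyc)   echo a564ed12995fadb297a006bf63fcc8a0 ;;
        fc2/secure.pyc)     echo 8fedf02b1186506872e0d9d1dd9c8b03 ;;
        fc2/vhbackup.pyc)   echo eb18e195bffa00e5b8d440fba27f273b ;;
        rhel3/secure.pyc)   echo c97c1e3bf8a1c2aa0a078db1c7e4ff6d ;;
        rhel3/vhbackup.pyc) echo c9ac112a0ec50b64273e3474ca58d464 ;;
        *) return 1 ;;                    # unknown platform or file name
    esac
}

# Succeed only if FILE exists and its md5 equals EXPECTED.
verify_md5() {         # verify_md5 FILE EXPECTED
    [ -f "$1" ] || return 1
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Verify SRC, back up the current DEST once, then copy and set MODE.
install_verified() {   # install_verified SRC EXPECTED_MD5 DEST MODE
    verify_md5 "$1" "$2" || { echo "md5 mismatch: $1" >&2; return 1; }
    mkdir -p "$BACKUP_DIR" || return 1
    bak="$BACKUP_DIR/$(basename "$3").orig"
    if [ -f "$PREFIX$3" ] && [ ! -e "$bak" ]; then   # never clobber the first backup
        cp -p "$PREFIX$3" "$bak" || return 1
    fi
    cp "$1" "$PREFIX$3" && chmod "$4" "$PREFIX$3"
}

# Steps 5-7 for one platform; stops at the first file that fails verification.
apply_hotfix() {       # apply_hotfix fc1|fc2|rhel3   (run in the download dir)
    sum_py=$(expected_md5 "$1" vhbackup.pyc) || return 1
    sum_if=$(expected_md5 "$1" vhbackup_be_interface) || return 1
    install_verified vhbackup.pyc "$sum_py" \
        /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc 600 &&
    install_verified vhbackup_be_interface "$sum_if" \
        /usr/lib/opcenter/vhbackup/vhbackup_be_interface 750
}
```

Source the script and call apply_hotfix with fc1, fc2 or rhel3 from the download directory after step 4. secure.pyc can be checked the same way before it is run, using verify_md5 with the value from expected_md5.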

 


Last ModifiedUsageSatisfiedLast Used
8/1/2005 1:31:57 PM83 10/11/2007 2:45:05 AM
