Article ID: 4416, created on Mar 24, 2008, last review on May 8, 2014

  • Applies to:
  • Sphera

Resolution

Dear Sphera customer,

 

On  July 14 , 2004, a PHP security advisory was released.

Sphera is currently addressing this vulnerability (noted below) in our ServerDirector V3.7 products.

 

Vulnerability Reference: http://security.e-matters.de/advisories/112004.html

 

Solution:  

This vulnerability applies to all applications and end-users utilizing PHP versions prior to 4.3.8.

 

An Update Pack for ServerDirector V3.7 with the relevant PHP updates will be available on August 2, 2004.

 

It should be noted that there are currently no known exploits in the wild.

 

If you have any questions, please contact us at: http://support.sphera.com

 

 

***

 

Please note that installing this patch should be done only on ServerDirector 3.7 with Update Pack #2 installed (UP2).

Explanation:

As part of the installation of UP packages, the installer runs the GUI script "cliCreateBuild.php", which is used to set up the GUI environment and then generates the GUI control panels, VA installation wizards and GUI dictionaries.

 

UP2 was released with PHP v4.3.0. However if you have installed this security patch before UP2 – you have installed PHP v4.3.8 on the Server.

 

Due to some modifications between PHP v4.3.0 and v4.3.8, running the "cliCreateBuild.php" script on PHP v4.3.8 failed. Thus, the GUI environment creation failed, so no one could login to your system.

 

To solve the situation, please follow those steps:

 

1) Copy the attached file (util.inc.zip) to the following place:

 ~<PVDS Root Dir>/php/common/scripts/server/inc/util.inc.php

 

2) From the command line login as the primary VDS user.

 

3) Perform the following:

 cd /www/htdocs/php/common/generator/

 php cliCreateBuild.php



 


5f478287f7e74fe9b07217d8131cd741 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF