Security Fix : WEBppliance Pro 3.5.17 (LS)

Article ID: 2370 
Last Review: Oct,6 2008
Author:
Last updated by: system APPLIES TO:
  • Parallels Pro Control Panel Linux

Additional information

View Knowledge
Knowledge ID 1125
Product : WEBppliance for Linux
Version : 3.5.17
Topic : Notification

Title
Security Fix : WEBppliance Pro 3.5.17 (LS)

Summary
Security Fix : WEBppliance Pro 3.5.17 (LS)

Prevention


Details
Solution:

WEBppliance Pro for Linux 3.5.17 : 

WEBppliance Pro for Linux 3.5.17 is a Security Patch which resolves the following vulnerabilities : 

  • Transparent session ID support exposes PHP to cross-site-scripting attacks.

  • Users unable to connect to virtual domains using the SSH service after upgrading to the latest version of SSH.

Compatibility :

You can install WEBppliance Pro for Linux 3.5.17 on WEBppliance Pro for Linux 3.5.16 ONLY.

Resolved Issues : 

  1. Transparent session ID support exposes PHP to cross-site-scripting attacks. 

    PHP supports "transparent session IDs", a feature that automatically embeds session IDs as part of URLs in a web page. However, these session IDs are not validated by PHP. The value of a session ID can be manipulated using the PHPSESSID URL parameter. This vulnerability exposes it to cross-site scripting attacks.

    Advisory details for the security patch are available at the following URL: 

    http://shh.thathost.com/secadv/2003-05-11-php.txt     

    WEBppliance Pro 3.5.17 includes a security patch to fix this vulnerability.

  2. Users unable to connect to virtual domains using the SSH service
    after upgrading to the latest version of SSH

    After upgrading to the latest version of the SSH (openssh-3.1p1-8), users are unable to connect successfully to virtual domains using the SSH service. A change in the authentication mechanism of the latest version of SSH causes the SSH connection to fail. 

    WEBppliance Pro 3.5.17 resolves this issues to enable successful SSH connections
    to virtual domains. 

Installation instructions 

To install the patch, please follow the instructions below:


FTP Download Location :
http://download.swsoft.com/ensim/download/webppliance/linux/Pro/3.5.17/ 


1. Download the file LS-3.5.17-2.tar.gz

2. Uncompress the file:
    tar -xvzf LS-3.5.17-2.tar.gz

3. Change the current directory to the directory where you have uncompressed the file:
    cd LS-3.5.17-2

4. Run the following command
    # sh ./patch-install-3.5.17-2.sh

The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access).

This install script will restart webppliance services automatically.


Attachments


Related Knowledge

Related Links
 
Last ModifiedUsageSatisfiedLast Used
8/20/2004 12:58:50 PM10 10/11/2007 6:11:29 AM


Subscription for this article changesSubscription for this article changes

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
* - required fields