Hotfix : Security fix for exploit involving scheduled backup vulnerability

Article ID: 2743 
Last Review: Oct,6 2008
Author:
Last updated by: system APPLIES TO:
  • Parallels Pro Control Panel Linux

Additional information

View Knowledge
Knowledge ID 2057
Product : Ensim Pro for Linux
Version : 4.0.3
Topic : Hotfix

Title
Hotfix : Security fix for exploit involving scheduled backup vulnerability

Summary
Addresses the issue "Security fix for exploit involving scheduled backup vulnerability"

Prevention


Details

Product: Ensim Pro for Linux
Version: 4.0.3 (Fedora Core 1 and Red Hat Enterprise Linux 3ES)
Date:  August 01,2005
Hotfix Description:  Addresses the issue:
Security fix for exploit involving scheduled backup vulnerability
Overview : Site admin can gain root privileges due to a vulnerability in the scheduled backup feature. This hotfix will prevent further exploits of this vulnerability.
 
Download :
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/vhbackup_be_interface
(md5sum: d89fc9fd789258e2b376620eed43dcac )

For fc1:
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc1/secure.pyc
(md5sum: fe746832e5c5638b74f2813648b85d7c )
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc1/vhbackup.pyc
(md5sum: a564ed12995fadb297a006bf63fcc8a0 )

For fc2:
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc2/secure.pyc
(md5sum: 8fedf02b1186506872e0d9d1dd9c8b03 )
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/fc2/vhbackup.pyc
(md5sum: eb18e195bffa00e5b8d440fba27f273b )

For RHEL3:
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/rhel3/secure.pyc
(md5sum: c97c1e3bf8a1c2aa0a078db1c7e4ff6d )
http://download.swsoft.com/ensim/download/pro/linux/4.0.3/hotfix/rootexploit/rhel3/vhbackup.pyc
(md5sum: c9ac112a0ec50b64273e3474ca58d464 )

Installation Procedure:

1) Backup /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc and /usr/lib/opcenter/vhbackup/vhbackup_be_interface
2) Download all the files for your respective OS and LWP version
3) Backup the scheduled jobs using,
cp -a /var/VhbackupSchedules /root/VhbackupSchedules_backup
4) Run the following command to check for issues of scheduled backup and fix it .
python secure.pyc
Please note this command does not return any messages to the console.
If any of your scheduled backups fail after running this command, you will need to manually reset the password for that job.
5) Replace existing vhbackup.pyc with the one downloaded from the above link
cp vhbackup.pyc /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc
6) Replace existing vhbackup_be_interface with the one downloaded from the above link
cp vhbackup_be_interface /usr/lib/opcenter/vhbackup/vhbackup_be_interface
7) Set permission on vhbackup.pyc to 600 and vhbackup_be_interface to 750
chmod 600 /usr/lib/opcenter/base/services/vhbackup/vhbackup.pyc
chmod 750 /usr/lib/opcenter/vhbackup/vhbackup_be_interface
8) Restart the control panel using,

service webppliance restart

 


Attachments


Related Knowledge

Related Links
 
Last ModifiedUsageSatisfiedLast Used
8/1/2005 1:31:57 PM83 10/11/2007 2:45:05 AM


Subscription for this article changesSubscription for this article changes

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
* - required fields