CA Access Control 12.5 SP5 Version 12.55.1476 - FIXLIST
24 May 2019
All Service Packs are cumulative; therefore, fixes included in previous releases are not mentioned in the FIXLIST.
Last Updated: October 25, 2012
No. | Severity | Module | Problem summary | Package | OS | Cause of the problem | Conditions | Solution or workaround | Reproduction steps | Problem ID | TestFix / PublishFix |
1 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder on UNIX, where the product does not start after an upgrade because of ???_updates files in a PMDB. | AC125SP50007 | UNIX all | libacdki.so has already been removed when the upgrade fails due to the existence of a ???_updates file in a PMDB. | - | - | 1. Create PMDB. 2. Create "hostname_updates" file in PMDB directory, e.g. [ACDir]/policies/PMDB/aaa_updates => This file can be a dummy. 3. Run install_base. => This is aborted with the message below (expected). ----------------------- You are still updating this subscriber: aaa. You must finish updating this subscriber before upgrading, or you will lose this update. Note: You can use the -force flag to upgrade anyway. ----------------------- 4. Cannot start AC by seload. | - | - |
2 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where a specific pattern of Generic FILE rules does not work. | AC125SP50015 | Windows all | In a specific pattern of Generic FILE rules, FILE rules don't work as expected. | - | - | - | - | - |
3 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where an update with SPECIALPGM, PROGRAM, loginprogram and STOP using selang fails. | AC125SP50021 | UNIX all | Modification and deletion of seosdb succeeds but it fails to modify or delete run-time table. You must restart AC to reload seosdb. | - | - | - | 1611 | T4CC116 (SUN) T4CC117 (RH x84) T4CC118 (RH x64) |
4 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where a syntax error message is not displayed | AC125SP50022 | UNIX all | - | Return "ERROR: Failed to fetch data for Class file" on the command: so class(file) flags+(w) doesn't catch syntax error | - | - | - | |
5 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the pmd.audit is garbled in Japanese. | AC125SP50023 | Windows all | - | - | - | 1. Create PMDB 2. Add the subscriber > subs pmdb subs(subscriber) 3. Check pmd.audit > seaudit -a -fn pmd.audit 4. You will see code 338 is garbled. | - | - |
6 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where SegraceW fails to connect to a remote ControlMinder endpoint even when defenc.dll is located in the current directory. | AC125SP50029 | Windows all | SegraceW fails to find defenc.dll where "Encryption Package" is not defined (i.e. AC is not installed). | SegraceW is run on a standalone system. | Add the registry value "Encryption Package" in HKLM\SOFTWARE\ComputerAssociates\AccessControl and define the encryption package. | - | - | - |
7 | 2 | UNAB | Fixes an issue with UNAB where the build number is not included in the computer description attribute created during registration. | AC125SP50033 | UNIX all | - | - | - | - | - | |
8 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder on UNIX, where the ldap token values in the seos.ini file were missing after upgrade. | AC125SP50034 | UNIX all | Tokens ldap_xxx in seos section are not copied from the original seos.ini. | - | - | 1. Define tokens ldap_xxx in seos section. 2. Upgrade AC. 3. Tokens ldap_xxx in seos.ini are not inherited. | - | - |
9 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the install log file records a CCI error when installing on Linux390x. | AC125SP50039 | Linux s390x | - | - | - | 1. Install the latest R12.5 SP5 build using Install Base. 2. grep -i error /opt/CA/AccessControl/AccessControl_install.log 3. The error message "Failed to install CCISA" is reported. | - | - |
10 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where *.tmp files are left in /etc/security on AIX 6. | AC125SP50042 | AIX 6 | Tmp files not deleted. | - | - | - | 1618 | TC61144 |
11 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where file path that seaudit shows is corrupted when bypass_realpath is enabled. | AC125SP50046 | HP-UX | 1. Path name was not null terminated 2. Used lookuppn() returned value that is last component of the path name | set 1 to token bypass_realpath | Set 0 to token bypass_realpath | - | - | - |
12 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where ldap section tokens in the seos.ini are not copied on upgrade. | AC125SP50047 | UNIX all | Tokens ldap_xxx in seos section are not copied from original seos.ini | - | - | - | - | - |
13 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where secons -CD goes into an infinite loop under certain conditions. | AC125SP50049 | UNIX all | "rec userd" is not cleared, although the file records are, when the period cache erasing is called. secons -CD goes into an infinite loop because "rec userd" and the actual records differ. | The period cache erasing is called after file activity is cached. | - | 1. Set token FileCache_CleanInt to 1 (minute) (this will shorten the period to reproduce). 2. Perform file access that goes to the file handle. 3. Check that the activity is cached by secons -CD. "rec userd" is increased and the file names appear. Try to create more than 2 records. | - | - |
14 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where Linux stops responding when running secons -sk. | AC125SP50055 | Linux x86 | Conversion specifiers of fino and f_sz for snprintf are not correct. | Run secons -kt 2 on LINUX X86 | - | 1. Install AC on LINUX x86. 2. Start AC and run secons -sk 2 -> fatal exception in eac_TrustPg_prec() | - | - |
15 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder on Windows, where defining a TERMINAL rule that contains an IPv4 address results in selang failing to connect to seosdb. | AC125SP50056 | Windows all | getaddrinfo could return an IPv6 address in a mixed environment. Hence a TERMINAL defined with an IPv4 address does not match. | Mixed IPv4 and IPv6 environment (like Windows 2008). TERMINAL is defined with an IPv4 address only. Token TerminalSearchOrder is name or IP. | Define TERMINAL by hostname | - | - | - |
16 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where due to memory leak in seosd, system hangs when seosd reaches system maximum of 1GB | AC125SP50057 | UNIX all | Memory leak in seosd, the system hangs when seosd reaches system maximum of 1GB. | - | This package adds functionality to AC watchdog. The watchdog will monitor size of seosd and will restart seosd if seosd process size is too big. | - | 1612 | TC61133 |
17 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder cannot extract the zone prefix for files located on internally mounted zones. As a result ControlMinder uses the program full real path on real root file system. As a result, ControlMinder ignores file or program rules defined relatively to zone root. | AC125SP50058 | Solaris zones | Solaris loopback mount allows mounting of zone folders to global zone folder. Such mounted full path does not consist of full zone path. For example: full path is /export/zone/au6omzzta08_apps/opt/seos/bin/selang; zone root is /export/zone/au6omzzta08/root. Function SEOS_del_zone_root() is not able to cut off zone prefix. | Solaris 10 zone has loopback mounts | AC name resolver should save loopback mount points and cut off mount path for programs running in internal zone | In the global zone, run: > mkdir /zone1/z1_app > mkdir /zone1/root/app > mount -o ro -F lofs /zone1/z1_app /zone1/root/app > echo test > /zone1/root/app/test Inside zone z1: # ls /app/test /app/test # start AC # start AC trace # cat /app/test => shows full path including zone prefix "/zone1/root/app/test" | 1619 | T3DB067 |
18 | 3 | UNAB | Fixes an issue with UNAB where the Computers group list is empty when running uxconsole -manage command. | AC125SP50059 | UNIX all | - | - | - | 1.Create a user in AD that is a member of Unix groups and non-unix groups 2.uxconsole -manage -show -user nitya -detail | - | - |
19 | 2 | Windows Endpoint Kernel Mode | Fixes an issue with ControlMinder where an incoming port is blocked by WFP (Windows Firewall Protection), but the connection to that port is not blocked and completes. | AC125SP50060 | Windows all | 1. Copy and paste mistake in interception processing 2. Incorrect processing of interception setup at driver reload | - | - | 1. Install AC on a Windows 2008 system. 2. Reboot and define a blocking rule in the built-in Windows firewall. 3. Test the firewall rule - check that it's not working. 4. Unload AC (secons -s, net stop seosdrv, net stop drveng - order is IMPORTANT). 5. Test the firewall rule again - now it's working. 6. Restart AC (net start drveng, seosd -start, order IMPORTANT). 7. Test AC network interception - it's not working. | 517 | T5P7069 |
20 | 3 | UNAB | Fixes an issue with UNAB where migration does not properly support SFU. | AC125SP50061 | UNIX all | - | - | - | 1> Create Unix user and add it to a unix group 2> Create a partial user with unix attributes in AD. 3> Migrate groups using the command: 4> /opt/CA/uxauth/bin/uxconsole -migrate -groups -scope l -mode f -v 5 5> Notice that migration does not support SFU. | - | - |
21 | 3 | UNAB | Fixes an issue with UNAB where a memory leak occurs in seosd when it contacts UNAB using API. | AC125SP50063 | UNIX all | 1. The UNAB API that checks whether UNAB is present sets up the locale; it used to set it up even if it was already set up (without freeing the old locale that may have been set up by a previous call). 2. When UNAB looks for the AD groups of a user and finds no group, it assumes there is no need to free the STRLIST it allocated, as it assumes it to be empty (but it still has a header). An empty STRLIST of groups is created in api_get_user_wingrps when the AD user is not a member of any group. Free the STRLIST even if it is empty. | AC running with a seos.ini setup that causes it to look for UNAB | Close the UNAB tokens in seos.ini so it will not call the API | Run seosd with purify, open the UNAB related tokens in the ini and surrogate or log in with an AD user that exists in AC. For the second leak, create an AD user, make sure it has no Windows groups, and log in with it to the system. Actually best is to use the Valgrind product on a Linux system instead. | 1623 | T5P7070 |
22 | 2 | UNAB | Fixes an issue with UNAB where a memory leak occurs in seosd when it contacts UNAB. | AC125SP50065 | UNIX all | - | - | - | - | 1623 | T5P7070 |
23 | 2 | UNAB | Fixes an issue with UNAB where memory leak occurs. | AC125SP50067 | Linux all | ldap_unbind was not called when ldap_sasl_interactive_bind_s terminated in thread function due to lifetime expiration. | - | - | - | - | - |
24 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where the .pmd_error file is not included in the backup file names. | AC125SP50068 | UNIX all | The hidden file .pmd_error is NOT included in "sepmd -bd pmdb /work/backup". | Use "sepmd -bd pmdb /work/backup" to reproduce the problem. | Add .pmd_error to the file list. | 1. Create a pmdb. # sepmdadm -i 2. Start up all the daemons and run this command. # sepmd -bd pmdb /work/backup All files in /opt/CA/AccessControl/policies/pmdb are backed up to /work/backup. 3. One hidden file, .pmd_error, is not copied to /work/backup. # cd /opt/CA/AccessControl/policies/pmdb # ls -al .pmd_error (the file is there.) # cd /work/backup # ls -al .pmd_error (the file is not there.) | - | - |
25 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where CONSENT.EXE is missing from the registry value ApplyOnProcess after upgrading from 12.5SP2. | AC125SP50071 | Windows all | Handling for the 64-bit case was missing in MergePlgApplyOnProcesss | 64-bit box upgraded from an old release that does not have CONSENT.EXE by default | Add CONSENT.EXE to .\Instrumentation\PlugIns\RunAsPlg\ApplyOnProcess with the registry editor after upgrade | 1. Install AC 12.5SP2 on x64. 2. Verify the value of ApplyOnProcess has no consent.exe. This is ok for SP2. HKLM\SOFTWARE\ComputerAssociates\AccessControl\Instrumentation\PlugIns\RunAsPlg ApplyOnProcess=runas.exe explorer.exe 3. Upgrade to AC 12.5SP4. 4. Verify consent.exe is added to ApplyOnProcess. SP4 does not add it. This is a problem. | - | - |
26 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder fails to install on Linux 5.5 Enterprise because the redhat_release file has been manually modified causing ControlMinder kernel module not to be found. | AC125SP50074 | Linux | redhat_release file has been manually modified, so the AC kernel module cannot be found | - | - | Access Control fails to start on OEL 5.5 where redhat_release file has been manually modified to contain "Carthage" instead of "Tikanga". | 1625 | T540064 |
27 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder is not linking to the correct kernel module when using install_base and native packages to install the product. | AC125SP50081 | Linux 6.1 | - | - | - | Install AC with install_base and native package. | - | - |
28 | 3 | UNAB | Fixes an issue with UNAB where memory leak occurs when the user maps and executes UNAB stress. | AC125SP50082 | UNIX all | In uxauth_get_naming_contexts() free LDAPMessage *res and use ldap_get_values instead of get_ldap_attribute. | - | - | 1. Execute a mapping and migration of unab user to AD 2. Execute stress for the mapped user ./eacLotsOfSSH -n localhost -p map -r 10 -t 500 -i 4-4 -m pts/6 -s 180 3. Execute stress of many different users as well simultaneously 4. Check memory leak top -p <pid of uxauthd> | - | - |
29 | 3 | Windows Endpoint User Mode | Fixes an issue where seosd terminates after starting ControlMinder when there are 109 or more TRACE entries in the audit.cfg file. | AC125SP50085 | Windows all | Hard limit is too small. | Add 109 lines of rules in audit.cfg. | Apply the seosd.exe fix or use fewer rules in audit.cfg. | 1. Stop AC > secons -s 2. Add 109 or more TRACE entries in audit.cfg. I added the same entry 109 times: TRACE;*;*;*;*;*;*;* 3. Start AC > seosd -start | 520 | T243783 |
30 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where with keyboard logger enabled, command "who -u" showed the same tty for two different users. | AC125SP50086 | Linux | cmdlog checks utbuf->utmp_err, when it is not 0 it does not send logout event to agent and agent does not erase utmp line | KBL | function kbl_utmp_set_login() set utbuf->utmp_err = rv = 0; | - | 1570 | AC 12.5 SP3, version 12.53.0.1813, tar files: T3DB055 (Linux x86_64), T3DB056 (Linux ia64), T3DB057 (AIX), T3DB058 (Solaris SPARC),T3DB060 (HPUX ia64), T3DB066 (Linux x86_32) AC 12.5SP5, version 12.55.0.1036, tar files: T3DB071(Linux x86_32), T3DB072(Linux x64), T3DB073(Linux IA64), T3DB074(AIX) T3DB075(Solaris SPARC), T3DB076(HPUX RISC), T3DB077(HPUX IA64) |
31 | 3 | Unix Endpoint User Mode | Fixes an issue where ControlMinder fails to install on Enterprise Linux 5.5 | AC125SP50088 | LINUX all | Could not find specific kernel module SEOS_syscall.5.5eASX86_64.MP.ko | - | - | - | 1625 | T540064 |
32 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the SEOS_load fails. | AC125SP50090 | Solaris | The AC script SEOS_load searches for the "seos" device by searching for the string "seos" in the system configuration. There is a different device whose name contains seosvol, and it confuses the SEOS_load script. The script assumes the device already exists and tries to update it. | Solaris 10 + SEOS_use_ioctl | Make the search stricter: use pattern "/pseudo/seos" instead of "seos" | - | - | - |
33 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where native users could not login when pam_seos.so is configured before the pam_unix.so authentication module. | AC125SP50092 | LINUX all | 1. Login failures for native users when pam_seos.so is defined prior to the pam_unix.so auth module in environment. 2. Configuration of PAM file at install time which will take VAS' peculiar PAM configuration into account and still place pam_seos after pam_unix. | - | - | - | 1632 | TC61167 |
34 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the "Execute" access mode of non-setuid/setgid program is checked by the FILE class in r8.0 SP1, but not in r12.5. | AC125SP50093 | UNIX all | Check of trusted program by FILE class is skipped in the PROGRAM handle. | A program is defined by PROGRAM and FILE not a setuid/setgid program | - | - | 1572 | T4CC107 |
35 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the console login hangs and RDP Login fails. | AC125SP50094 | Windows all | When seosd is in a long-term timeout (recovery, termination, crash), the Subauthentication thread, waiting with WaitingTimeout = INFINITE for a response from seadmapi_IsServerRunning(), locks other threads, causing further logons to get stuck. | - | Resolved by assigning the global Waitingtimeout to the Registry value LogonTimeOut or the default of 4 sec. | - | 521 | T5P7074 |
36 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where sepmd -bd <pmdb> <dest> causes error and then files in pmdb directory become 0 byte if <dest> is './'. | AC125SP50098 | UNIX all | - | - | - | - | - | - |
37 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where do_as hangs on Linux s390x | AC125SP50099 | Linux s390x | The count on files is being incremented with get_file and decremented with atomic_dec. On 2.6.27 and later kernels, the atomic type changed from atomic_t to atomic_long_t and requires atomic_long_dec to decrement properly. On X64 and Itanium and x86, this was not a problem because of the byte ordering. s390x uses big endian ordering so using the wrong decrement changed the high order portion instead of the low order, so this only showed up on s390x. | - | - | Following expect script causes the session to hang #!/usr/local/bin/expect -- puts start if [ catch { exec /usr/local/bin/do_as root ls } res ] { puts error } puts end | - | - |
38 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where a user who logs in and disconnects using a RDP session receives the same session id. seosd does not log off the user from the session. | AC125SP50102 | Windows all | - | - | Save a list of disconnect session in seosd memory. In case the user is not authorized to login, search in the disconnect session list, if found then disconnect the user from the RDP session instead of logoff. | 1) Create User in AC 2) Authorize the user to connect from terminal A. 3) Unauthorize the user to connect from terminal B. 4) Connect from terminal A using RDP. 5) Disconnect the RDP session. 6) Connect from terminal B using RDP. 7) The user will be logged off from both sessions. | 523 | T243792 ----> Win. X86 8.0 sp1 T243793 ----> Win. x64 8.0 sp1 T243794 ----> Win. IA64 8.0 sp1 T243795 ----> Win. X86 12.5 sp1 T243796 ----> Win. X64 12.5 sp1 T243797 ----> Win. IA64 12.5 sp1 T243798 ----> Win. X86 12.5 sp2 T243799 ----> Win. X64 12.5 sp2 T243800 ----> Win. IA64 12.5 sp2 T243801 ----> Win. X86 12.5 sp3 T243802 ----> Win. X64 12.5 sp3 T243803 ----> Win. IA64 12.5 sp3 T243804 ----> Win. X86 12.5 sp4 T243805 ----> Win. X64 12.5 sp4 T243806 ----> Win. IA64 12.5 sp4 T243807 ----> Win. X86 12.0 sp1 CR1 T243808 ----> Win. X64 12.0 sp1 CR1 T243809 ----> Win. IA64 12.0 sp1 CR1 |
39 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where seagent causes system panic on SLES 11SP1 x64 on startup. | AC125SP50103 | SLES 11SP1 x64 | Syscall intercepted via 32-bit syscall table tries to execute the 64-bit original syscall function that is not yet set and leads to system panic. | - | The solution is to hook the 64-bit syscall table before 32-bit syscall table. The workaround is to install 64-bit version of AC. | Install AC on an X64 SLES 11 SP1 system and set AC to start automatically. Then reboot the system repeatedly, this may cause the system to crash. | 1636 | T3E7134 |
40 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where a user who logs in and disconnects using a RDP session receives the same session id. The user is not logged off from the session. | AC125SP50104 | Windows all | - | - | Save a list of disconnect session in seosd memory. In case the user is not authorized to login, search in the disconnect session list, if found then disconnect the user from the RDP session instead of logoff. | - | 523 | T243792 ----> Win. X86 8.0 sp1 T243793 ----> Win. x64 8.0 sp1 T243794 ----> Win. IA64 8.0 sp1 T243795 ----> Win. X86 12.5 sp1 T243796 ----> Win. X64 12.5 sp1 T243797 ----> Win. IA64 12.5 sp1 T243798 ----> Win. X86 12.5 sp2 T243799 ----> Win. X64 12.5 sp2 T243800 ----> Win. IA64 12.5 sp2 T243801 ----> Win. X86 12.5 sp3 T243802 ----> Win. X64 12.5 sp3 T243803 ----> Win. IA64 12.5 sp3 T243804 ----> Win. X86 12.5 sp4 T243805 ----> Win. X64 12.5 sp4 T243806 ----> Win. IA64 12.5 sp4 T243807 ----> Win. X86 12.0 sp1 CR1 T243808 ----> Win. X64 12.0 sp1 CR1 T243809 ----> Win. IA64 12.0 sp1 CR1 |
41 | 2 | UNIX Endpoint User Mode | Fixes an issue where ControlMinder does not start on HP-UX 11.11 32-bit PA-RISC 1.1 system. | AC125SP50105 | HP-UX | AC components are not PA-RISC 1.1 compatible. | - | - | - | - | - |
42 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where SSH <cmd> shows as 0.0.0.0 in FILE audit - Linux. | AC125SP50106 | LINUX all | - | - | - | 1) Test on Linux. 2) Start AC. 3) AC> nf /usr/bin/df owner(nobody) audit(all) defacc(all) 4) AC> nu test01 password(123) grace- 5) ssh -l test01 0 df -h 6) See the host name in FILE audit for /usr/bin/df and see that it does NOT say 0.0.0.0 | 1633 | TC61172 |
43 | 1 | Unix Endpoint Kernel Mode | Fixes an issue with ControlMinder where an unexpected error occurs when synchronize_fork is set to 1. | AC125SP50107 | Linux x64 | AC because session has lost its AC user identity | - | - | - | 1642 | TC61175 (Linux X86 32 bit), TC61176 (Linux X86_64 64 bit) |
44 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where if a user name is longer than 8 characters, the user name is truncated. | AC125SP50109 | AIX | - | - | - | 1. Install AC 2. Start AC 3. Create a user with a username longer than 8 characters | - | - |
45 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where, when seosd is restarted by seoswd, the process becomes a defunct process. | AC125SP50112 | UNIX all | The child process takes more than 10 seconds to exec seosd, whereas the parent process wakes up after 10 seconds and moves on without waiting for the child process. | - | - | T243743 ----> Sun Solaris T243744 ----> HPUX11.11 T243745 ----> HPUX IA64 T243746 ----> Aix T243747 ----> Sun Intel x86 T243748 ----> Linux X86 T243749 ----> Linux X64 T243750 ----> Linux IA64 | 1587 | - |
46 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where sepmdd auto truncate corrupts the subscriber database. | AC125SP50113 | UNIX all | The internal global offset is not updated correctly when trying to create a new database for the subscribers. | - | Apply the sepmdd fix, or set trigger_auto_truncate = 1024 and then run "sepmd -t DH__WRITER auto" once a day. | - | 1743 | T243810 |
47 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where the FILE audit for SSH <cmd> shows HOST prefix. | AC125SP50114 | UNIX all | - | - | - | 1. Install AC 2. Start AC 3. Create a file: nf /usr/bin/df owner(nobody) audit(all) defacc(all) 4. Create a user: nu test01 password(123) 5. ssh -l test01 0 df -h 6. Verify that the host name in FILE audit for /usr/bin/df does NOT say 0.0.0.0. | 1633 | TC61172 |
48 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where selogrd detects corrupted record while intensive writing records is performed to seos.audit. Selogrd processes the same audit log successfully after writing is over. | AC125SP50116 | UNIX all | - | - | - | - | 1635 | T5P7080 file for HPUX T5P7081 file for HPUX IA64 T5P7082 file for AIX T5P7083 file for SUN T5P7084 file for LINUX T5P7085 file for AIX 12.5SP4 |
49 | 2 | UNIX Endpoint User Mode | Fixes an issue where ControlMinder can not start after migration from ControlMinder r8.0SP1 to r12.5SP4 with the syslog error "CA Access Control file table set failed ERROR". | AC125SP50121 | HP-UX | The AC DB consists of FILE rules for NFS files. | NFS FILE rules in AC DB | Use original path name when AC file name resolving fails to find path of NFS file. | - | 1638 | T3DB069 |
50 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder on AIX where seaudit -kbl -cmd did not show session commands because input was not collected by the command logger. | AC125SP50122 | AIX | No "KBL input" in output of seaudit -kbl -sid <session ID> -cmd | - | - | - | 1637 | TC61170 (AC R12.5 SP4), TC61171 (AC R12.5 SP5) RO34766 |
51 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where command logger does not get real path to the shell. | AC125SP50124 | UNIX all | No records with cmd data on Linux . | Linux, sh as login shell that is link to bash | Put real path to shell in /etc/passwd | 1) On Linux interactive user has /bin/sh as login shell. /bin/sh is a link to bash. 2) open session as interactive user, work, close the session 3) prints commands for this session (seaudit -cmd) | - | - |
52 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the command "who am i" shows duplicated lines. | AC125SP50128 | Linux all | - | - | Set DEAD utmp for both original tty and new KBL tty | - | 1570 | AC 12.5 SP3, version 12.53.0.1813, tar files: T3DB055 (Linux x86_64), T3DB056 (Linux ia64), T3DB057 (AIX), T3DB058 (Solaris SPARC),T3DB060 (HPUX ia64), T3DB066 (Linux x86_32) AC 12.5SP5, version 12.55.0.1036, tar files: T3DB071(Linux x86_32), T3DB072(Linux x64), T3DB073(Linux IA64), T3DB074(AIX) T3DB075(Solaris SPARC), T3DB076(HPUX RISC), T3DB077(HPUX IA64) |
53 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where the session becomes undefined after zone halt or boot or zlogin for Solaris zones. | AC125SP50134 | Solaris | - | - | - | - | 1641 | TC61174 |
54 | 2 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where an additional argument in dotoprocs() causes system malfunction on shutdown. | AC125SP50135 | Solaris | OS include files have changed between Sol 10u9 and Sol 10u9 + patch. dotoprocs() has an additional argument that leads to the panic. | Panic on shutdown | New kernel modules needed for Sol 10u9 with patch | - | 1640 | AC 125sp5: T540074 (sparc), T540075 (X640), AC 125sp4: Testfixes T540076 (sparc), T540077 (X64) |
55 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where FILE resource /etc/* throws an error and is not imported to seosdb. | AC125SP50137 | UNIX all | The rule in baseline is /etc/*. | - | Change /etc/* rule in baseline to /etc/**. | - | - | - |
56 | 1 | UNAB | Fixes an issue with UNAB where Active Directory users fail to login when Active Directory is down. | AC125SP50138 | Linux all | - | - | Add UNIX attributes to the Windows group. | - | 15 | TC61178 (Linux X86 32 bit), TC61179 (Linux X86_64 64 bit), TC61180 (AIX), TC61181 (Solaris) |
57 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where the session hangs when individual scripts are run consecutively. | AC125SP50140 | Linux s390 | - | - | - | - | - | - |
58 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where a short name used in a delete operation bypasses our partial match logic. | AC125SP50141 | Windows all | A short name used in a delete operation bypasses our partial match logic. | See reproduction steps | Fixed code to match the case correctly | 1. Under the AC LOG folder create file seos1.audit.bak. 2. Add an AC rule with defacc(r) for the file full path with a wildmask at the end, i.e. <full path>seos1.audit.bak* 3. Try to read the file - it should pass. 4. Try to delete the file via command line - it should be denied, but passes instead (if the bug is not fixed). | - | - |
59 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where seosd stops responding after executing the secons -s command. | AC125SP50142 | Windows all | Collection of issues, starting with non-initiated variables and up to non-optimal control flow. | secons -s | - | - | 525 | T537685 |
60 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where false deviations are reported after deploying AIX Out of the Box policy and the user runs 'get devcalc' from selang. | AC125SP50145 | UNIX all | - | - | - | - | 1645 | TC61183 |
61 | 2 | UNAB | Fixes an issue with UNAB where a busy condition is experienced in NSS_UXAUTH while processing Active Directory users from Cron. | AC125SP50148 | UNIX all | Cron encountered a busy condition. | Cron on AIX may require a restart to clear its own state and resume successful cronjob execution | Use the native SQLite3 sqlite3_busy_timeout API to handle the busy condition (it is integrated with the SQLite3 engine), rather than rely on just sleep and backoff. Force database close when the busy condition persists. Provide more detailed and specific messages when a busy condition is encountered. | - | 16 | TC61182 |
62 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where Korean characters are not supported. | AC125SP50149 | UNIX all | Input letters in Korean are converted or recognized when typed, but becomes meaningless if KBL is running. | - | - | - | 1644 | TC61184 |
63 | 1 | UNIX Endpoint Kernel Mode | Fixes a compatibility issue with ControlMinder to support VMware ESX3.5 kernel 2.4.21-66. | AC125SP50152 | Linux | Kernel headers changed with kernel 2.4.21-66 | - | - | Install ESX 3.5 u5 with June 2011 patch rollup. AC should start successfully | 1648 | T540078 |
64 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where if more than one user is using uid 0 then keyboard logger records for the user include the user name as root. | AC125SP50157 | UNIX all | Logger uses a system call for getting the user name from the uid. The AC API should be used. | PamPassUserInfo = 1 kbl_enabled = yes | No workaround | 1. Set kbl_enabled = yes and PamPassUserInfo = 1. 2. Create a user with uid=0. 3. Define the user as interactive in selang. 4. Log in via ssh as the created user. 5. Check that sewhoami -a shows the correct user name. 6. Check KBL records for this session. | 1673 | TC61212 |
65 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where dbmgr command cannot handle groups with more than 15 members. | AC125SP50158 | UNIX all | The dbmgr -e -l -f rules.txt didn't handle the scenario where a group has more than 15 groups properly. | Create a group with 15 members. dbmgr -e -l creates an incorrect command for this group. | Reduce the number of members to 14. The fix is dbmgr. | - | 1653 | T243829 |
66 | 1 | UNIX Endpoint Kernel Mode | Fixes performance issues that occurred after enabling ControlMinder. | AC125SP50159 | Solaris | Operation VOP_READDIR is 10 times longer than search within fetched buffer. | - | Allocate a bigger buffer for AC to use when reading a directory. Operation VOP_READDIR is 10 times longer than search within fetched buffer. | - | 1652 | T3DB083 |
67 | 3 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder with seos.collect.audit where seaudit displays the TCP log with an incorrect hostname. | AC125SP50160 | Windows all, UNIX all | - | Run "seaudit" on a seos.collect.audit file that contains a hostname in the audit log. The hostname field will be replaced by the localhost name. | - | - | 1654 | T243830 |
68 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where 'secons -scl' shows 24 lines output and suppresses the rest. | AC125SP50161 | UNIX all | - | Many processes blocked in system calls | Solution: secons will use bigger buffer when fetching current syscalls. New buffer will be 128KB (bigger buffer may lead to failing allocation) | - | - | - |
69 | 1 | UNAB | Fixes an issue with UNAB where password problems occur in Kerberos during Endpoint registration. | AC125SP50162 | UNIX all | - | - | - | - | 22 | TC61216, TC61217, TC61218, TC61219, TC61220, TC61221 |
70 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where remote ssh commands print wrong output when the keyboard logger is enabled. | AC125SP50165 | AIX | AC kernel fails to copyin exec arguments and cannot detect "sh -c" command (KBL ignores sh -c) | - | Fix copying into kernel arguments | Do remote command "ssh <AIX_host> 'oslevel -s'" | 1650 | T3DB081 |
71 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where seosd stops responding after executing the secons -s command. | AC125SP50166 | Windows all | - | Shared folders access via network | Added appropriate flag | - | 525 | T537685 |
72 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the root user could not login when AC PAM is active. | AC125SP50168 | Linux | - | - | - | - | 1632 | TC61166 (x86), TC61167 (x64) |
73 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where pam_uxauth should be prior to pam_seos. | AC125SP50170 | Linux | - | - | - | - | 1632 | TC61166 (x86), TC61167 (x64) |
74 | 2 | Windows Endpoint Kernel Mode | Fixes an issue with ControlMinder where resources access sharing violation conflict occurs. | AC125SP50171 | Windows all | Sharing violation | System reboot | - | Define rule for deviceharddiskvolume* with defacc(a) audit(f) owner(nobody) and check that no existing services fail to load after reboot. | 525 | T537685 |
75 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where HOSTNET rules remain effective even though HOST class is off. | AC125SP50172 | Windows all | Activate or de-activate GHOST, HOSTNET and HOSTNP according to HOST's activation status. | Disable HOST. | - | 1. TCP class ON, HOST class OFF. 2. Create rules. editres TCP ("3389") audit(ALL) defaccess(NONE) owner('nobody') editres HOSTNET ("testseg") audit(ALL) owner('nobody') authorize HOSTNET ("testseg") access(READ) service(3389) 3. login by RDP, it should be denied but permitted. | - | - |
76 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where seosd is stuck on openlog() when restarted by seoswd. | AC125SP50173 | UNIX all | seosd is stuck on openlog(). | - | - | - | - | - |
77 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the root user could not login when AC PAM is active. | AC125SP50174 | Linux | - | - | - | - | 1632 | TC61166 (x86), TC61167 (x64) |
78 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where core file gets generated when you deploy a policy that includes update class warning commands flags and run devcalc. | AC125SP50175 | UNIX all | - | - | - | - | - | - |
79 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where seosd crashes on Solaris SPARC. | AC125SP50176 | Solaris | Kernel event handler returned wrong authorization answer when message was released by going down seosd | - | Kernel event handler returns ALLOW if message status is not "ANSWER" | - | 1651 | T3DB082 (AC 12.5SP3-Solaris 10 SPARC), T3DB089 (AC 12.5SP5 on Solaris SPARC) |
80 | 2 | UNIX Endpoint User Mode | Fixes an issue where ControlMinder hangs after SSH user login. | AC125SP50177 | UNIX all | API timeout conflicts with SSH signal handler. | - | - | - | 1663 | TC61190 |
81 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where an empty "who am i" output is received when the keyboard logger is enabled. | AC125SP50178 | Linux | Linux updates original utmp entry with new tty when calling updwtmp() because cmdlog does not change ut_id of entry. When process exits AC KBL removes new tty entry while original entry does not exist anymore. | KBL traced user exec shell | Build new utmp entry including ut_pid, ut_id and ut_line | AC> eu root audit(n) AC> eu test audit(i) Compile C-code binary "shell" { setuid(<test_uid>); execlp ("/bin/bash", "-bash", (char *)0); } chown test shell chmod 4755 shell ---------------- ssh root@host # who am i -> pts/3 # ./shell bash-3.00# who am i -> pts/4 bash-3.00# exit # who am i -> empty | 1570 | AC 12.5 SP3, version 12.53.0.1813: T3DB055 (Linux x86_64), T3DB056 (Linux ia64), T3DB057 (AIX), T3DB058 (Solaris SPARC),T3DB060 (HPUX ia64), T3DB066 (Linux x86_32) AC 12.5SP5, version 12.55.0.1036: T3DB071(Linux x86_32), T3DB072(Linux x64), T3DB073(Linux IA64), T3DB074(AIX) T3DB075(Solaris SPARC), T3DB076(HPUX RISC), T3DB077(HPUX IA64) |
82 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where policies (includes OOTB policies) were not migrated after upgrade. | AC125SP50189 | UNIX all | The policy has space in name. | - | - | - | - | - |
83 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder installation directories are not protected when the bypass_realpath token is set to 1. | AC125SP50190 | HP-UX | Because the kernel mount protection table is not properly set and get_realname() fails to properly set the path string, when mounting on AC installation directories it fails to protect it. | bypass_realpath set to 1. | Don't set bypass_realpath. | Set bypass_realpath = 1. mkdir /tmp/testmount touch /tmp/testmount/notanemptydir start AC. mount /tmp/testmount /opt/CA/AccessControl This will mount /tmp/testmount over /opt/CA/AccessControl. Do "ls /opt/CA/AccessControl" to see if it is successfully mounted. Before shutting down AC, do "umount /tmp/testmount". | - | - |
84 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where JVM throws java.lang.OutOfMemoryError when it runs out of memory in heap. | AC125SP50191 | Linux | - | - | Add three parameters jvm_ms, jvm_mx, jvm_mps to accomon.ini allowing to configure heap size of Permanent and Heap spaces by setting JVM options. | - | - | - |
85 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where a command was not executed properly because the session lost the AC user identity. | AC125SP50192 | Linux | AC kernel module sent an EXEC event to AC authorization daemon but AC auth daemon couldn't determine which user has executed the command and thus could not enforce protection. | - | - | - | 1642 | TC61191 |
86 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where FILE access is denied on startup. | AC125SP50193 | UNIX all | There is a time window between enabling interception and building the process table. Processes that enter authorization right after interception may have ACEE=0, which is the "undefined" user | AC start up | AC should avoid process authorization until the internal Process Table is ready | (1) Create script "test.sh" -------- #!/bin/sh i=0 while [ $i -lt 50000 ] do /bin/cat "path_test_file" > /dev/null if [ $? != 0 ]; then echo "ERROR: $?" fi i=`expr $i + 1` done -------- (2) protect "path_Test_file" in AC, allow just test user access it (3) login test user and start test script ==> no errors accessing protected file (4) Start AC EXPECT: no errors from the script. REPEAT start - stop AC several times | 1660 | T3DB090 |
87 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where user login is denied when old_sesu is set to no in seos.ini. | AC125SP50194 | Linux x64 | Problem occurs as setuid from /bin/su is not allowed. | - | - | - | 1614 | T243780 |
88 | 3 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder where policy deployment fails. | AC125SP50195 | Windows all, UNIX all | - | - | - | - | - | - |
89 | 3 | UNIX Endpoint User Mode | Fixes an issue where ControlMinder produces core dump if nslookup fails | AC125SP50196 | Solaris, HP-UX | Attempted dereference of Null pointer | AC produces core dump on AC startup. | - | Start AC on Solaris or HPUX when network name resolution does not work - nslookup fails. AC produces core dump on AC startup. This fix does not fix AC not starting, but core dump will not occur. | - | - |
90 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where the system panicked when connection was intercepted. | AC125SP50197 | AIX | A closed socket was associated with a file descriptor passed to the connext system call. | When net event is not activated, for example. | Decrement the use count of the socket file after the original connext syscall. | - | 1662 | TC61188 (12.5 SP4), TC61189 (8.0SP1 CR17) |
91 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where a system panic occurs on shutdown due to interaction with other applications. | AC125SP50198 | Linux | Crash at shutdown because AC is not checking that execve syscall table pointers have been updated | AC shutdown | - | - | - | - |
92 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the Windows Enterprise Management Server continuously crashes after installation | AC125SP50199 | Windows all | Reverse engineered code. | - | Improved stability | - | 531 | T5P7096 |
93 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where sepass -l fails to change password for a user that is not defined in the database. | AC125SP50200 | UNIX all | - | - | - | - | 1665 | TC61192, TC61199 |
94 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where AC FORK synchronization does not apply to vfork where child will not start before parent finishes forking - AC will hang process. | AC125SP50202 | Linux | AC FORK synchronization does not apply to vfork where child will not start before parent finishes forking - AC will hang process | Application calling some vfork flavor | - | When an application calls vfork() system call AC might cause it to hang. | 1642 | TC61175, TC61176, TC61191 |
95 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where after a user logs in with the default shell (/bin/sh) and surrogates to root or equivalent and then pressing Ctrl-c, the id command switches user between logged in user and root. | AC125SP50205 | Solaris | - | On Solaris and Bourne Shell. | There is no workaround except using a different shell. The solution is for all platforms. It properly waits for the termination of the child process and handles the SIGINT. | 1. Log in as a regular user with /bin/sh as its default shell. 2. Run id to verify it. 3. Start AC if it is not up yet. 4. Run sesu. 5. Run id to check if it is root. 6. Run sewhoami to see if it is the regular user. 7. Type Ctrl-C. 8. Run the id command repeatedly. It will switch back and forth between root and the login user. | 1671 | T3E7138 |
96 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where the system panicked in my_chdir() when my_chdir() called pn_free() to free an already freed pathname struct, user_pn. | AC125SP50207 | HP-UX, Solaris | - | - | Check the pathname struct before calling pn_free(). | - | - | - |
97 | 2 | Windows Endpoint Kernel Mode | Fixes an issue with ControlMinder where panic occurs after installation due to cainstrm error with function failure return code processing. | AC125SP50208 | Windows all | Code fails to treat properly fail return code of function called. | - | - | - | 532 | T5P7097 |
98 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where 'installation file not found/missing' error occurs when the "install_base" is run without specifying parameters. | AC125SP50226 | UNIX all | install_base has an incorrect tar file for X64. | - | - | - | - | - |
99 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the audit log is routed to syslog by selogrd. | AC125SP50228 | UNIX all | The session id is not included. | Run "seaudit -a" on a collected seos.audit log. | - | 1. Seaudit -a -sessionid note the option -sessionid, we can see the session ID in the audit logs. 2. In selogrd.cfg. syslogrule syslog LOG_INFO <dot> 3. Please check the syslog, there is no session ID in the audit log. | 1675 | T243852, T243853, T243854, T243855, T243856, T243857 |
100 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where a selogrd RPC error occurs when setting UseEncryption = eTrust. | AC125SP50230 | UNIX all | Encryption function saves key length as "unsigned long". Its size differs: it is 4 bytes on 32-bit systems and 8 bytes on 64-bit systems. As a result selogrd obtains an incorrect key and uses it when encrypting. | encryption = eTrust | Save key length as "unsigned int" which is 4 bytes on both 32-bit and 64-bit systems. | Choose 32-bit collector (Solaris, AIX) and 64-bit emitter machine (Linux x86_64). Set UseEncryption = eTrust (in seos.ini) on both collector and emitter. Run on both collector and emitter the command "sechkey -k <some_key>". Start selogrcd (collector). Try to start "selogrd -d" (emitter) ==> RPC error 11 | 1672 | T3DB088 |
101 | 2 | UNAB | Fixes an issue with UNAB where error occurs due to a regression slip in uxauth_krb5_preauth() call. | AC125SP50231 | UNIX all | uxconsole is not able to obtain a credential ticket for an account. | - | - | - | 17 | T243848, T243849, T243850, T243851 |
102 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where wrong authorization results for PACL rules. | AC125SP50233 | HP-UX IA64 | Kernel file cache saved program "bash" instead of actual program "cat". | - | - | - | 1729 | TC61240 |
103 | 3 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the property ON_BEHALF_OF is assigned more than one value. | AC125SP50237 | Windows all, UNIX all | - | The property has to be ON_BEHAVE_OF. you have to create and assign a policy to see the error. | - | Create a policy and assign a policy to an hnode. check the error log for DMS__. "sepmd -e DMS__". ERROR: You cannot use more than one value for property ON_BEHAVE_OF. | 1635 | T243866 |
104 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where seos module cannot be unloaded because of hanged processes accept1() syscall. The sockets are IPv4 but tripAccept handles them as IPv6. | AC125SP50239 | AIX | tripAccept gets list of open sockets from netstat -an. tripAccept handles "tcp4" ports as IPv4 and "tcp" as IPv6, but "tcp" can be also IPv4 socket so tripAccept fails to release it. | - | - | - | 1676 | TC61200 |
105 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the wrong program in FILE audit is used for trusted scripts. | AC125SP50241 | UNIX all | - | - | - | - | - | - |
106 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where "seaudit -kbl -sid <xxx> -cmd" does not display EffectiveUsername even after the user uses the "su" command. | AC125SP50242 | UNIX all | - | - | Fill in effective user name in KBL records. | - | - | - |
107 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where FILE protection does not work. | AC125SP50248 | AIX 5.3 | AIX 5.3 OS level 12 uses "kopen" not intercepted by AC | Technology Level (TL) 12 | New SEOS_syscall module, OSMIC=b for Technology Level (TL) 12 | AC> ef <test_file_path> defaccess(n) owner(nobody) # cat <test_file_path> ==> result success, there is no FILE in trace and no audit records | 1679 | T3DB097 |
108 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where setup removes SYSTEM user from seosdb if the user is used as a regular user and not set as Local System | AC125SP50250 | Windows all | - | - | Setup removes user SYSTEM from seosdb only if runs in context of regular user not as Local System. | - | - | - |
109 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where issec displays all processes called agent but none of the ControlMinder processes | AC125SP50253 | UNIX all | - | - | - | 1) Test on Linux. 2) cp -ip /bin/sleep /tmp/agent 3) Create a script called /tmp/agent.sh: #!/bin/bash # /tmp/agent 300 4) Start AC (<AC_Instal_Path>/bin/seload). 5) Run: /tmp/agent.sh 6) Run: <AC_Instal_Path>/bin/issec | 1681 | TC61201, TC61202 |
110 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where policy deployment fails. | AC125SP50254 | Solaris | - | - | - | - | - | - |
111 | 3 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the DH WRITER DMS and DH are loaded but not responding. | AC125SP50255 | Windows all, UNIX all | The issue happens when the policyfetcher tries to update the DMS (via DH__WRITER) with deleted deployments (after performing deployment cleanup using dmsmgr). The deleted deployments contain many errors (hundreds), so many selang commands are sent to the DH__WRITER. There are 5 DHs and 400 endpoints point to every DH. The policyfetcher setting is to check for new deployments every 10 minutes (which is too low a value for such an environment and makes the DH very loaded). The number of connections that the DH (agent) allows simultaneously is 200 and we exceed this number, so some connections are refused. | - | Workaround - send a policy to all the endpoints to adjust the policyfetcher setting (the main change is that the policyfetcher will read deployments every 6 hours, which should improve the load on the DH). Add a filter file to the DH__WRITER to filter out deployment errors during the recovery process (to limit the commands that are written to the DH__WRITER audit file). Solution: 1. Policyfetcher: Don't send removed deployments to the DH__WRITER (if they do not exist on the DH). 2. Policyfetcher: Control the number of deployment errors that the policyfetcher sends to the DH__WRITER. 3. Policyfetcher: Reload its settings every interval. 4. Policyfetcher: Change the default settings (increase the values). 5. DMS: Don't create gdeployment objects that do not contain any related deployment (this should improve the deployment audit performance). | - | - | - |
112 | 3 | UNAB | 2.Privileged Accounts Request by Endpoint | AC125SP50259 | Linux all | SELinux is denying sshd from calling UNAB functions from PAM | SELinux is set to enforcing. | - | Set SELinux to enforcing in /etc/selinux/config With UNAB running, attempt to login using ssh with an AD user (hanuma / N0tAll0wed) Login fails | - | - |
113 | 1 | UNAB | 3.Privileged Accounts Request by Requestor | AC125SP50260 | UNIX all | - | - | - | - | 1649 | T243828 |
114 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where cainstrm runs, but sqlcmd does not start. | AC125SP50261 | Windows all | - | - | - | - | - | - |
115 | 2 | Windows Endpoint Kernel Mode | Fixes an issue with ControlMinder where .Net applications (32-bit) under 64-bit OS do not start. | AC125SP50266 | Windows all | - | - | - | - | 534 | T5P7100 |
116 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where a Blue Screen Error occurs on Windows Server 2003 R2 SP2. | AC125SP50267 | Windows 2003 | Drveng bug in network hooking for windows 2k3 x86/x64 only. | - | - | - | 537 | T5P7102 |
117 | 2 | UNAB | Fixes an issue with UNAB where the uxconsole core dumps on user registration. | AC125SP50268 | UNIX all | - | - | - | - | 1649 | T243877 |
118 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where the system crashes on Solaris 10. | AC125SP50270 | Solaris | - | - | - | - | 1687 | TC61204 |
119 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the ReportAgent could not get correct values in audit_log. | AC125SP50273 | UNIX all | - | - | We need to apply the fix ReportAgent. or we have to use the default path for audit_log. | - | 1655 | T243833, T243878, T243879, T243880, T243881, T243882 |
120 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where, when installed on a Windows 2003 Domain Controller using Active Directory, user access to servers from Windows 7 desktops generates an audit record with the wrong user name. | AC125SP50275 | Windows all | Absence of delegation thread token check | See issue description | Added missing check | See issue description | 535 | T5P7101 |
121 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the SSH session fails during installation. | AC125SP50277 | Linux x86 | - | - | - | - | 19 | T540102 |
122 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where kill protection leads to incorrect audit records (D PROCESS). | AC125SP50279 | Windows all | - | - | - | - | 539 | T5P7110 |
123 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where blue screen error occurs due to kernel mode stack depletion when running recurrent SPGM propagate checks for newly created process. | AC125SP50282 | Windows all | - | - | - | - | - | - |
124 | 3 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the policydeploy -getrules does not work. | AC125SP50284 | Windows all, UNIX all | Code error. | No condition. You just need to set up the DMS__ and DH__ environment. | We need to apply the fix policydeploy. | policydeploy -getrules policyname -ds /tmp/t1.txt -uds /tmp/t2.txt -dms DMS__@ This command returns an error. | 528 | T243831, T243832 |
125 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where sesu generates two surrogate log entries in seos.audit file. | AC125SP50287 | UNIX all | - | - | - | - | 1658 | T243834 |
126 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where if one group is defined in XGROUP you cannot add another group as XGROUP. | AC125SP50289 | UNIX all | In a list of group names in xgid(....), if one group is detected as existing in the database, the rest of the groups after this group are skipped. | xgid(grp1, grp2, ...) There must be a nonexistent group after an existing group in the xgid group list. | Either all groups are not in the database or all groups are in the database, or all nonexistent groups have to be at the front of the list. | AC> auth FILE /tmp/testfile xgid(grp1, grp2, grp3) If there is a group name that is not defined in XGROUP and this group is after a group that is already defined/created in XGROUP, then the problem occurs. For example, xgid(grp1, grp2, grp3): grp1 is created in XGROUP, but grp2 is not created in XGROUP yet, so the problem occurs. This is because when grp1 is defined, the implicit creation of the rest of the groups is skipped. | 1712 | T243938, T243939, T243940 |
127 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where empty resource names are displayed if using _default when running su from cron. | AC125SP50290 | UNIX all | - | - | - | - | - | - |
128 | 3 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder where DH_WRITER, DMS and DH overloaded and do not respond. | AC125SP50292 | Windows all, UNIX all | Missing "Out Of Sync" value when checking if a policy is deployed. | This fix should include: For Unix: policyfetcher, seagent. For Windows: policyfetcher.dll, SeoSAgent UI: new AccessControl jar - (this fixes only the display issue) | Workaround: redeploy the policy on the host with the issue. | When a policy becomes "Out Of Sync" you cannot undeploy the policy, and the deployment object is created with a FAIL status. Also, in the UI there is a display issue: you cannot see this status in the "view host" and when you try to redeploy a policy. | 538 | T5P7103 |
129 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the ReportAgent experienced memory leaks. | AC125SP50294 | Windows all | The pmd snapshots of DH_ and DH_WRITER, consuming significant memory, are redundant. | - | - | - | 540 | T5P7111 |
130 | 2 | UNAB | Fixes an issue with UNAB where containers have additional spaces in their names. | AC125SP50295 | UNIX all | - | - | - | - | - | - |
131 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where the ReportAgent experienced memory leaks. | AC125SP50298 | UNIX all | Report Agent periodically terminates and watchdog should start it again. | - | Watchdog periodically starts report agent according to configuration | - | 540 | T5P7111 |
132 | 1 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where N FILE entries are displayed instead of D FILE entries in Audit. | AC125SP50299 | Windows all | - | - | - | 1. Install R12.5 SP5 EP 2. Create a file resource with defacc none and audit all 3. Apply testfix (CES 64370 - Deny PROCESS audit is misleading) according to the steps described in readme. 4. Open the File | - | - |
133 | 2 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where the ability to specify JAVA garbage collector parameters for JVM tuning has been added. | AC125SP50303 | Linux all | - | - | Add GC optional parameters. | - | 540 | T5P7112, T5P7113, T5P7114, T5P7116, T5P7117, T5P7118, T5P7119, T5P7120 |
134 | 3 | UNAB | Fixes an issue with UNAB where UNIX groups are not shown for user in case the UNIX attribute tool is installed in another domain. | AC125SP50308 | Unix all | - | - | Extract the domain from the user LDAP path to query the groups which have GID, instead of using the computer domain. | Install the UNIX attribute tool on domain A. using ADUC browse to domain B. see that the user UNIX groups are from domain A and not from domain B. | - | - |
135 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where selogrd displays hostname in digits (IP). | AC125SP50309 | UNIX all | There is a set of default options for "seaudit -a"; there are no such default options for selogrd, or the default options are not set properly for selogrd. | - | - | Add the following to the file /opt/CA/AccessControl/log/seoslogr.cfg. rule1 file /tmp/dh.log rule2 host localhost Start up selogrd and selogrcd. Perform a telnet login so that a LOGIN record is generated. Run "seaudit -a", and check the LOGIN record. You should see HOSTNAME instead of IP for the LOGIN record. Check /tmp/dh.log, and look for the LOGIN records. The HOSTNAMEs are shown as IP addresses. | 1698 | T243892, T243893, T243894, T243895, T243896, T243897, T243898, T243899 |
136 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where devcalc returns incorrect results when wildcard * is used in selang command. | AC125SP50310 | Windows all | System variable is still used in ruleset. We need to resolve the system variables. | We'll have to create policy using system variable such as %SystemRoot% or %COMPUTERNAME% in the policy rules if we want to reproduce the problem. | Please use the fix DevCalcAPI.dll. | - | 1680 | T243907 |
137 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder blocks signals when class PROCESS is off. | AC125SP50311 | Solaris | - | - | - | - | 1699 | TC61210 |
138 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the ACEE table grows when a user is defined with a short name in the database. | AC125SP50312 | Windows all | Synchronization issue: on termination of the DMS, the main PMD process closes the database while its client process is still handling a command (writing to the database) | - | 1. Fix the memory growing issue. 2. Fix the shutting down issue | 1. To create the memory growing issue, run the DMS in debug mode (sepmdd -debug), use a user with a short name, i.e. gatof01 instead of TANT-A01gatof01, to send commands using "selang" -f to the DMS; after a while you will see an error - the ACCEE table reallocate. 2. Send many commands to the DMS (using selang -f and propagated from the DH), shut down the DMS and see that when the DMS starts it tries to rebuild its database. 3. Working with AES, send many commands to the DMS from different processes in parallel. | 544 | RO45510 |
139 | 2 | UNAB | Fixes an issue with UNAB where uxconsole core dumps occurs on user registration. | AC125SP50314 | AIX | - | - | - | 1.Install unab on a AIX box 2.rm -rf /var/krb5/security/creds 3.Register unab uxconsole -register | 1649 | T243870, T243873, T243874, T243875, T243876, T243877 |
140 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the terminal rule does not work if the terminal name is defined as an IP address. | AC125SP50315 | Windows all | - | - | Defined the hostname in ..\etc\hosts, then the problem is resolved. | - | 1597 | T243761, T243762, T243763, T243764 |
141 | 2 | UNAB | Fixes an issue with UNAB where installation does not install CAWIN on HP-UX 11.11. | AC125SP50317 | HP-UX | cm_postinstall.sh only installs CAWIN if it is running HP-UX 11.23 and 11.31. | HP-UX 11.11 | Make cm_postinstall.sh handle HP-UX 11.11. | On an HP-UX 11.11 system without CAWIN installed, install UNAB. CAWIN will not get installed. | 20 | T3E7139 |
142 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where file permissions are not changed back to the original/before install permissions. | AC125SP50319 | UNIX all | Modifying a file actually creates a new file. | The problem can be reproduced in AC installation and AC uninstallation. | none | 1. Modify file permissions of /etc/pam.d/system-auth to 600. 2. Install Access Control and the file permissions will change to 644. 3. Uninstall Access Control. 4. The file permissions will be still set as 644. | - | - |
143 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where kernel memory leak happens in the realpath cache. | AC125SP50320 | Solaris | Memory leak in realpath cache. | - | - | - | 1700 | TC61213 |
144 | 2 | UNAB | Fixes an issue with UNAB where uxauthd.sh fails to start uxauth daemon on global zone | AC125SP50321 | Solaris Zones | - | - | - | - | 21 | T5P7134 |
145 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where a user surrogating to a new user, ControlMinder user viewed with sewhoami command is the new user. | AC125SP50324 | UNIX all | - | - | - | - | 1701 | TC61214, TC61215 |
146 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where blank message appears in syslog on shutdown | AC125SP50326 | Solaris | - | - | - | - | - | - |
147 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where a blank message appears in syslog on shutdown on Solaris. | AC125SP50327 | Solaris | The stub_execve has changed so the position of the call offset is off by 2 bytes. | SLES 11 sp1 X64 with kernel 2.6.32.46 | - | Running prior to this fix on SLES 11sp1 with kernel 2.6.32.46 and above will cause a panic at start up of AC. | 1697 | T540124 RO45989 |
148 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where devcalc returns incorrect result when wild char * is used in selang command. | AC125SP50329 | Unix all | - | - | - | - | 1680 | T243862, 243863, T243864 |
149 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder fails to start on OEL 5.7 kernel. | AC125SP50333 | Linux | OS kernel update | OEL 5.7 UEK kernel 2.6.32-300.3.1.eluek | - | Patch OEL 5.7 to UEK kernel 2.6.32-300.3.1.eluek and Access Control will not load and start | 1703 | T540114, T540115, T540116, T540117 |
150 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where a user surrogating to a new user, ControlMinder user viewed with sewhoami command is the new user. | AC125SP50335 | UNIX all | - | - | - | - | 1701 | TC61214, TC61215 |
151 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where silent setup specifies feature incorrectly. | AC125SP50338 | Windows all | - | - | - | After AC silent setup with (or without by default) option ADV_POLICY_MNGT_CLIENT=0 disabling install of Advance Policy Management Client e.g. setup.exe /s /v" /qn COMMAND=proceed ADV_POLICY_MNGT_CLIENT=0 /L*v c:ACinstall.log" The feature "Advance Policy Management Client" is shown as installed in "Select Features" dialog. | - | - |
152 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where new messages from English were missing in Japanese. | AC125SP50339 | UNIX all | Cannot send kill signal from JP1 when AC is running. | - | - | - | 1705 | TC61220, TC61222 |
153 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where join command from UNIX failed to execute on Windows NT. | AC125SP50341 | Unix all | Join Translation function is skipped. | Send a command from a Unix machine to an NT machine. For example, on a Unix box, run "host pmdb1@windows_machine" and then run "join testuser group(testgrp) nt". The join command will fail on the NT side. | - | 1. Create pmdb on Windows AC and subscribe localhost > selang AC> env pmd AC(pmd)> createpmd pmdb1 AC(pmd)> subs pmdb1 subs(localhost) AC(pmd)> subspmd parentpmd(pmdb1@localhost) 2. Create root user and authorize to terminal on pmdb and subscriber AC(pmd)> env ac AC> host pmdb1@ AC> eu root admin auditor AC> er terminal <hostname of unix> own(nobody) defacc(r) AC> auth terminal <hostname of unix> id(root) acc(a) 3. Change passwd.passwd_format to NT on Unix AC 4. Log into windows pmdb from unix AC and create new group and user # selang AC> host pmdb1@<windows hostname> AC> ng testgrp nt AC> nu testuser password(testuser) 5. Confirm testuser is not member of testgrp on both AC/NT environment on both pmdb/subscriber AC> sg testgrp nt AC> host <windows hostname> AC> sg testgrp nt 6. Join new user to new group created in step 4 on both AC/NT environment from pmdb AC> host pmdb1@<windows hostname> AC> join testuser group(testgrp) nt 7. Check testuser is joined to testgrp both on AC/NT environment on both pmdb/subscriber AC> sg testgrp nt -> testuser is listed as member; works as expected on pmdb AC> host <windows hostname> AC> sg testgrp nt -> testuser is listed as member on AC env but NOT on native env. From OS native tool, testuser is not member of testgrp. This is the problem! | - | - |
154 | 1 | UNAB | Fixes an issue with UNAB where database busy errors return from NSS. | AC125SP50342 | Linux x64 | nss_uxauth closes the current SQLite3 handle and opens a new one for a process after a fork. SQLite3 does not support using a handle after a fork. | - | - | - | 24 | TC61224, TC61225 |
155 | 3 | UNAB | Fixes an issue with UNAB where uxauthd daemon crashes when user DN contains PU with 'DC ' | AC125SP50343 | Solaris | uxauthd crashes when user DN contained PU with 'DC ' inside | - | - | - | - | - |
156 | 3 | Windows Endpoint User Mode | Fixes an issue where ControlMinder does not accept special characters !"#$%&'()=~|. | AC125SP50344 | Windows all | The root cause of the problem is selang didn't escape the char "|". | AC> so password(rules(prohibited(!"#$%&'()=~|\))) | - | run the command below, AC> so password(rules(prohibited(!"#$%&'()=~|\))) you will see the problem. | - | - |
157 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where seagent consumes high CPU usage occasionally. | AC125SP50347 | Unix all | Seagent makes a TCP/IP call and that call is trapped in an endless loop. | There is no solid answer here. It could be that we'll have to have a busy network environment to reproduce the problem. | - | There are no steps to reproduce the problem. The problem happens in the client's environment only. It may have something to do with their busy network traffic. | 1708 | T243922 |
158 | 3 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder where an upgrade policy fails if a policy contains a deleted version of that policy | AC125SP50349 | Windows all, UNIX all | Policy fails if a policy contains a deleted version. | - | - | - | - | - |
159 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where a defect in getvar.sh resulted in wrong OSMD and wrong SEOS_syscall link on AIX 7.1 TL01 | AC125SP50352 | AIX | AIX - OSMD wrongly calculated by getvar and thus SEOS_syscall link was missing. | - | - | - | 1711 | T3E7143 |
160 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the audit filter does not work on internal rules records. | AC125SP50354 | Windows all | The FILE entry in audit.cfg does not stop writing records generated by access to protected internally AC file resources. | - | - | Add following filter to audit.cfg FILE;C:Program FilesCAAccessControlData*;*;*;*;D Access or try to create file in AC/Data/help, e.g. echo 123 > "C:Program FilesCAAccessControlDatahelptest" First time the denial record is filtered out, but after following repeat calls the denial records appear in audit log. | 525 | T5P7093, T5P7150 RO48001 |
161 | 1 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where memory leak occurs with seosagent when commands are continuously sent to the DMS and DH__WRITER. | AC125SP50358 | Windows all | - | - | - | - | - | - |
162 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where selogrd crashed on USER TRACE record which was configured to route target "syslog". | AC125SP50359 | UNIX all | The format patterns in message sent to syslog are interpreted by syslogd itself causing MSE in selogrd. | - | - | - | 1706 | T5P7139, T5P7141, T5P7142, T5P7143, T5P7144 |
163 | 2 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where the watchdog daemon does not send timer events to seosd. | AC125SP50360 | Unix all | The watchdog maintains a dynamic queue of events to be handled. After handling the current event the watchdog removes it from the queue. When all events are done the watchdog refreshes the queue, adding all internal events to it again. The problem is that some handlers add a new event to the queue. As a result the queue is never empty and the watchdog does not add internal events to the queue. | The AC DB has extended policy including many untrusted programs. The watchdog checks programs trust status and generates new events to be handled. | Change watchdog timer handler, after sending timer message put event again to watchdog queue. | ACEE table leak reproduced with customer's DB and seos.ini | 1710 | T3DB100 |
164 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the wrong session id maps in EXE record for KBL | AC125SP50363 | UNIX all | - | - | - | 1.) Install AC. 2.) create a user in selang nu demo password(demo) audit(interactive). 3.) enable kbl token in seos.ini file. 4.) restart the services. 5.) do login attempts using telnet. 6.) check for seaudit -kbl with all switches. | - | - |
165 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where an unexpected output was received from "who am i" after switching user. | AC125SP50368 | Unix all | ControlMinder starts new KBL session after "su", then allocates new tty and updates utmp for root. | KBL enabled, "root" has audit flag "interactive" | Take user name from seosd when building new utmp record. The seosd keeps originally logged in user. | seos.ini kbl_enabled = yes AC> nu test audit(interactive) AC> eu root audit(interactive) AC> auth program /work/opt/CA/AccessControl/bin/sesudo uid(test) access(a) AC> nr sudo su data('/bin/su') defaccess(a) login as user 'test' -sh-3.00$ tty /dev/pts/4 -sh-3.00$ /work/opt/CA/AccessControl/bin/sesudo su [root@ismelx77 /]# tty /dev/pts/5 [root@ismelx77 /]# who am i root pts/5 Feb 28 22:44 (ismesl07.memco.co.il) EXPECT: user "test", not root | 1716 | T3DB101 |
166 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where devcalc core dumps occurs on start up. | AC125SP50369 | Unix all | Trying to access a database where the global variable is not ready for devcalc. | It happens with commands as follows in ruleset. so class (FILE) flags+(W) so class (PROGRAM) flags+(W) so class (SURROGATE) flags+(W) so class (LOGINAPPL) flags+(W) | Please apply the fix devcalc. | Create a policy with these commands. so class (FILE) flags+(W) so class (PROGRAM) flags+(W) so class (SURROGATE) flags+(W) so class (LOGINAPPL) flags+(W) deploy the policy to an endpoint. AC>start devcalc Please search for core from devcalc. In my test, it is in root /core. | 1715 | T243943 |
167 | 2 | UNAB | Fixes an issue with UNAB where sqlite3 transaction in uxauthd was not terminated after sqlite command failure. This caused database lock and UNAB NSS failed to get user or group information | AC125SP50374 | Solaris | - | - | - | Steps performed: 1.Install UNAB 2.Register and Activate 3.Connect UNAB EP to ENTM 4.Deploy a Login Policy from ENTM to EP 5.Check the Login policy 6.Check the users/groups using the below commands [root@kirra02-I29813 lbin]# /opt/CA/uxauth/lbin/sqlite3 /opt/CA/uxauth/etc/nss.db "SELECT * FROM pw" [root@kirra02-I29813 lbin]# /opt/CA/uxauth/lbin/sqlite3 /opt/CA/uxauth/etc/nss.db "SELECT * FROM gr" 7.Try logging with Ad user pushed from ENTM 8.Login is successful 9.Check /var/log/messages for any errors related to nss db SQL errors. 10.No errors found | - | - |
168 | 2 | Windows Endpoint Kernel Mode | Fixes an issue where ControlMinder does not protect remounted DVD drive. | AC125SP50375 | Windows all | Mount detection code rules out all cases except persistent storage. | - | Removed code to filter out volume type. | - | - | - |
169 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the sesu command crashes with core dump. | AC125SP50377 | Unix all | "sesu" sends output of getenv("HOME") to sprintf command. In case this env. variable is not defined the sesu sends NULL to sprintf leading to crash. | unsetenv HOME | Check return value of getenv("HOME") | unsetenv HOME > ./sesu root -c sh Segmentation fault (core dumped) | 1718 | T3DB102 |
170 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where SSH login fails when keyboard logger is enabled | AC125SP50378 | Unix all | Cannot find shared libcrypt | KBL enabled | Remove flag -lcrypt from compilation. The cmdlog does not need it. | seos.ini kbl_enabled=yes AC> eu test audit(interactive) > ssh ismesl12 -l test Password: ld.so.1: -sh: fatal: libcrypt_d.so.1: open failed: No such file or directory Connection to ismesl12 closed. => CONNECTION fails | 1719 | T3DB103 |
171 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where password change is intercepted by eACPasswordFltr and is sent to password pmdb while changing the user to NT AUTHORITY\SYSTEM. | AC125SP50380 | Windows all | Hosts command resets changing user with a user obtained by local_seadmapi_WhoAmI() which was added in 12.SP3(AC1262144). | User change own password via native password which is managed by PMDB | - | 1. User log in GUI and change password with Ctrl+Alt+Del 2. Password change request send to local AC db and passwd_pmd to deliver it. 3. Password change by service user such like NT AUTHORITY\SYSTEM on PMD 4. Deliver password by the user who is pwmanager. 5. Set grace(1) since the change is update by Administrative user not himself/herself. | - | - |
172 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where changing user own password set grace count as admin change | AC125SP50381 | Windows all | Changing password set grace count as admin change | User whose password is changed does not exist in password PMDB | - | [Step] 1. Create pmd and configure the local machine as the subscriber. eg) createpmd pmd1 subs pmd1 subs(localmachine) 2. Configure the password pmd, its subscriber is pmdb. eg) subs pass_pmd subs(pmd1@localmachine) HKLMSOFTWAREComputerAssociatesAccessControlPmdpmd1 Parent_pmd=pass_pmd@localmachine 3. Create the user from pmdb and propagate it. 4. change password using the OS function. 5. grace 1 is granted to the local user. In this case, user does not exist in the password pmdb. | 529 | T4CC129 |
173 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where login sequence does not work for SSH. | AC125SP50382 | UNIX all | - | - | - | - | - | - |
174 | 2 | UNIX Endpoint User Mode | Fixes an issue with UNAB where multiple restarts occur if installed after ControlMinder installation | AC125SP50384 | UNIX all | - | - | - | - | - | - |
175 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the ReportAgent stops responding 23:30. | AC125SP50385 | UNIX all | ReportAgent tried to kill itself but used process id 0 or -1. | - | Stop ReportAgent. | - | 1720 | TC61229 |
176 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where PACL rules do not apply due to the device number change that occurred after Solaris cluster failover. | AC125SP50389 | Unix all | AC can not find PACL for new device. | Solaris cluster failover. | PACL search use search by full name if failed find by device. | - | 1724 | T3DB105 |
177 | 2 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where seosd crashes accessing null pointer. | AC125SP50390 | Unix all | seosd file table search attempt access empty table slot. ----------------------- INTERNAL: Possibly file audit event comes from kernel after file was removed in DB. The seosd cleans both kernel file table and kernel file cache when removing file entry. However possibly event was already routed to seosd while deleting file in DB. | - | Check file table entry before accessing it | - | 1725 | T3DB106 |
178 | 1 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where system-auth link is erased. | AC125SP50391 | Linux | - | - | - | - | - | - |
179 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where there is no start service type interception for winservice. | AC125SP50404 | Windows all | - | - | - | - | 555 | T243962, T243963 |
180 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where the wrong user is shown in the password change prompt. | AC125SP50408 | Unix all | The SSH loginappl has flag EXECLOGIN. It causes AC to postpone login until next EXEC event. When sepass fetches user name from AC it is still root, despite system login already occurred. We cannot remove EXECLOGIN flag from SSH because it is required for SFTP login | Password expired and sepass enabled | Current package implements following solution The AC saves new user name in process table when handles PAM login. Function "seadmapi_WhoAmI" returns user id from process table. The sepass uses returned uid or real user. | 1. AC rules AC> so class-(PASSWORD) AC> cr loginappl SSH loginflags(PAMLOGIN EXECLOGIN) AC> nu test01 password(password) 2. passwd is renamed and symbolic linked to sepass # mv /usr/bin/passwd /usr/bin/passwd.org # ln -s /opt/CA/AccessControl/bin/sepass /usr/bin/passwd # ls -l /usr/bin/passwd* lrwxrwxrwx 1 root root ... /usr/bin/passwd -> /opt/CA/AccessControl/bin/sepass -rwsr-xr-x 1 root root ... /usr/bin/passwd.org 3. seos.ini # seini -s passwd.DefaultPasswdCmd = /usr/bin/passwd.org 4. users password interval is managed by OS chage command # chage -M <max days> -I <inactive days> -W :: # chage -M 14 -I -1 -W 5 -d 2012-01-01 test01 5. ssh login by test01 WARNING: Your password has expired. You must change your password now and login again! CA Access Control sepass v12.60.0.1165 - Password replacement Copyright (c) 2010 CA. All rights reserved. Enter root's old password: => prompt asks root password while regular user logs in | - | - |
181 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue where the user loses ControlMinder identity and thus ControlMinder fails to protect resources from that user. | AC125SP50418 | UNIX all | Kernel cache problems. | - | - | - | 1674 | TC61198 |
182 | 3 | Unix Endpoint User Mode | Fixes an issue where ControlMinder proceeds to PACL verification even if ACL rule is set none. | AC125SP50419 | Unix all | Authorization design | - | This package changes AC authorization to proceed to PACL verification even ACL access was defined as none. | 1. Set ACL/PACL accumulative in selang options (it is default) 2. Set default access AC> ef /QA_tmp/test defaccess(r) 3. Prevent access for user AC> auth file /QA_tmp/test uid(test) access(n) 4. Allow access via specific program AC> auth file /QA_tmp/test via(pgm(/usr/bin/cat)) uid(test) access(r) 5. Verify access (test)$ cat /QA_tmp/test => access DENY | - | - |
183 | 1 | UNIX Endpoint User Mode | Fixes an issue where ControlMinder fails to unload. | AC125SP50421 | Solaris | Seosd did not push/pop AC from/to OS streams | - | - | 1) Set SEOS_use_streams=yes in seos.ini 2) Load and start AC (seload) 3) Open a telnet/SSH session into Solaris 9 machine and leave it open 4) Stop AC (secons -sk) 5) Unload AC (SEOS_load -u) | - | - |
184 | 2 | UNAB | Fixes an issue where telnet fails on SELinux after UNAB uninstall. | AC125SP50424 | LINUX all | nsswitch.conf is being modified by the UNAB install, and because of this the file type is changed from etc_t to rpm_script_tmp_t | SELinux enforcing | - | On OEL 5u8 Selinux enforcing, telnet works. Set selinux to permissive to install UNAB. Install UNAB, but do not run it. Set selinux to enforcing. telnet / rlogin fail. Set selinux to permissive. Uninstall UNAB Set selinux to enforcing. telnet / rlogin fail. | - | - |
185 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue where Tivoli agent blocks ControlMinder unload on Linux. | AC125SP50427 | Linux all | Tivoli Agent was blocked in AC interceptions and thus AC unload fails. | AC and Tivoli Agent running on the same Linux machine. | Apply new AC unload exit script. | Start AC first. Start Tivoli Agent. Try to unload AC. | 1676 | TC61200 |
186 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where wrong authorization results occur for PACL rules. | AC125SP50428 | UNIX all | Wrong pgm used for kernel cache - resulting wrong cache hits. | - | - | - | 1729 | T3DB107, T3DB108, T3DB110 |
187 | 2 | Windows Endpoint Kernel Mode | Fixes an issue with ControlMinder where wrong authorization results for device protection. | AC125SP50429 | UNIX all | The AC kernel applies incorrect authorization result taken from kernel file cache. From running debug kernel on customer's environment we discovered that kernel file cache hits entry for program "/bin/bash" while real program is "/bin/cat" or "fdisk". It happens because file cache uses program "bash" if parent process has flag TRUSTED_SCRIPT | - | Change file cache to keep both accessing program and parent (old) program. Verify both programs when searching in cache. | From customer: I add a new disk (turn of the VM, add the disk, restart the VM) and now 1. cat /dev/sde (new device) succeeded, but shouldn't ==> Not OK 2. fdisk -l succeeded (as planned) ==> OK 3. Disable F cache table (secons -ktc 3) 4. cat /dev/sde failed ==> OK 5. fdisk -l succeeded (as planned) ==> OK 6. secons -ktc 3 Clean F cache table 7. cat /dev/sde failed ==> OK 8. fdisk -l succeeded (as planned) ==> OK 9. secons -ktc 2 Enable F cache table !!! This is beyond your test case and see the results !!! 10. cat /dev/sde failed ==> OK 11. fdisk -l failed ==> Not OK | 1729 | T3DB107, T3DB108, T3DB110 |
188 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where restriction update failed on Windows x64. | AC125SP50430 | Windows x64 | The pointer is not pointing to the right address. It means that we didn't copy the data back the correct location. | The problem happens on Windows X64 only. | - | AC>env native AC>eu tt01 resctriction(days(anyday) time(anytime)) Please run the windows command. # net user tt01 Please check the field "Logon Hours allowed", it is set to "None". The correct result should be: Logon Hours allowed All | 558 | T243969, T243970, T243971 |
189 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the size of seoswd (watchdog daemon) increases every 24 hours. | AC125SP50431 | UNIX all | Reload watchdog parameters function did not free seosini Handle. | Size of seoswd grows every 24 hours. | Increase RefreshPararms will slow memory growth [seoswd] RefreshPararms=86400(default in sec) | 1.Start AC 2.Check size of seoswd by ps -el 3.Move system date one day forward 4.Check size of seoswd by ps -el 5.Repeat 3 and 4 several times | 1731 | T4CC148 |
190 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where AuditHandler did not check audit filtering. | AC125SP50432 | Windows all | AuditHandler did not check audit filtering. | Audit record coming from the driver via AuditHandler | - | [procedure] 1. stop AC \> secons -s 2. create test directory and file \> mkdir TEMP \> mkdir TEMP\VB_BIN \> echo aaa > c:\TEMP\VB_BIN\test.txt 3. create policies editres FILE ("c:TEMP*") audit(ALL) defaccess(READ CHDIR) owner('nobody') authorize FILE ("c:TEMP*") access(READ WRITE DELETE RENAME CREATE EXECUTE CHOWN CHMOD UTIME SEC CHDIR) uid('administrator') 4. start AC 5. access to the directory/file and check audit log \> cd temp \> cd vb_bin \> type test.txt \> cd \> seaudit -a -sd today some file access log to C:\TEMP\VB_BIN, C:\TEMP\VB_BIN\ and C:\TEMP\VB_BIN\test.txt appears -> this is expected 6. add filter in audit.cfg \> secons -s add following filter at the last of audit.cfg: *;C:\TEMP\VB_BIN*;Administrator;*;*;* TEST CASE 1 7. do step5 again [expected result] all file access logs are filtered [actual result] some file access logs for C:\TEMP\VB_BIN appears; others such as C:\TEMP\VB_BIN\test.txt are filtered TEST CASE 2 8. \> cd temp 9.restart AC 10. \> cd vb_bin(type vb_bin but tab key) \> cd .. \> cd [tab key] \> seaudit -a -sd today [expected result] all file access logs are filtered except C:\TEMP* [actual result] all file access logs are filtered | 559 | T4CC165, T4CC166 |
191 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder assigns wrong ACEE after gnome console login. | AC125SP50437 | Linux | The process "gdm-binary" handles console login. This process never terminates. The AC detects console logout when process "gnome-session" exits. Upon gnome-session exit the AC cleans assigned ACEE from all processes including "gdm-binary". In this case, however AC failed to detect end of session and "gdm-binary" kept ACEE of previous session. In such way new login gained ACEE of previous session. ----------------------------- The AC performs GDM handling in kernel and checks GDM process comparing program name. There is compared hard-coded string "/usr/sbin/gdm-binary" while on RH 4 path may differ and could be "/usr/bin/gdm-binary" | - | Two improvements in this package 1) Compare also "/usr/bin/gdm-binary" 2) decrement ACEE counter when cleaning gdm related ACEE | Use gnome (gdm) console to logon 1) login as root, check with sewhoami, and it reports "root" - correct Then logout as root 2) login as testusr, run sewhoami and the report is "testusr" - correct. Then logout. 3) login again as root , execute sewhoami, but the report is "testusr" from previous login. Also cannot perform many root function. | 1733 | T3DB112, T3DB113 |
192 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the SSH login session freezes when running a lot of output and the keyboard logger is enabled. | AC125SP50438 | UNIX all | Logger and communication threads enter deadlock because of wrong queue counter. | - | - | - | 1736 | TC61243, TC61244, TC61245, TC61246, TC61247, TC61248 |
193 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where user is unable to log in with hosts command after creating pmdb by createpmd <name>. | AC125SP50439 | Windows all | createpmd add acl for user +reportagent to local host which was found by gethostname(). This caused to add another terminal without FQDN which does not allow to log in AC admin. | Hosts file include local host name with FQDN while canon name has FQDN. | - | 1. Install AC with FQDN and domain administrator. 2. create PMDB 3. access PMDB with host command in selang. Expected Result: User can log in normally. Actual Results: User cannot log in with following error: AC> host ppmd1@ (ppmd1@localhost) ERROR: Login procedure failed ERROR: You are not allowed to administer this site from terminal hatto01-I41733 At log in to localdb: 08 May 2012 07:45:59 P LOGIN HTESTadministrator 54 10 hatto01-I41733.htest.inc selang At log in to PMDB: 08 May 2012 07:35:38 D LOGIN HTESTadministrator 69 10 hatto01-I41733 selang | - | - |
194 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where performance issues occur in sub authentication when ControlMinder is installed on a domain controller. | AC125SP50441 | Windows all | The problem is that AC authorization is too long per each event. Additionally AC serializes the events to be handled one at a time. | Installing AC on a domain controller makes the problem very visible as many logons from all domain's members are channeling into AC sub authentication. | - | Install AC on a domain controller and perform performance stress as it is described in the issue: 20968962. With default configuration: the difference in the numbers between running the tests when AC is running and AC is not running is very large and unaccepted. | 564 | T5P7094 T5P7193 RO48002 |
195 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where pmd error log is not printed. | AC125SP50442 | Linux x64 | Record template between server and client side mismatch | sepmd 64 bit binary | - | 1. install AC12.5 SP3 x64 version on RHEL 2. create PMDB0 as parent pmd 3. set parent_pmd token as PMDB0@<host name> 4. subscribe AC endpoint to PMDB0 # sepmd -s PMDB0 <host name> 5. start selang and connect to PMDB0 # selang AC> host PMDB0@ AC> eu TEST owner(testuser) (PMDB0@localhost) ERROR: Failed to fetch data for USER/GROUP testuser AC> exit *note: testuser is not existed on AC/PMDB to get above error purposely 6. check PMDB0 error information as below # cd /<AC-install-dir>/policies/PMDB0 # ls -l ERR* -rw------- 1 root root 235 May 10 11:11 ERROR_LOG * looks some data are written, but # sepmd -e PMDB0 CA Access Control sepmd v12.53.0.1517 - Policy Model management Copyright (c) 2010 CA. All rights reserved. * not shown any error | 1607 | T4CC113 |
196 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where handle empty user name in seadmapi_WhoIs generates a seosd core in UNAB API. | AC125SP50444 | Solaris | - | - | - | - | 1740 | TC61254 |
197 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where garbled message appear in syslog in Japanese on startup. | AC125SP50447 | UNIX all | message AGENT_E_REG_STAT is not properly initialised to print to syslog. | - | - | This scenario can't be reproduced at will. | - | - |
198 | 3 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where seaudit -kbl utility does not convert the return code for successful end. | AC125SP50448 | Unix all | Seaudit -kbl did not convert return code for successful end. | Seaudit -kbl end successfully. | - | # seaudit -a -kbl # echo $? 2 [Findings] These also return the value 2. # seaudit -kbl -cmd -sid / -kbl -pr These return the value 0. # seaudit -a / seaudit -kbl -rp [Question] Is it a correct behavior? If so, what does the value "2" mean? | - | - |
199 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where if a process named as watchdog exists, then issec reports this process as an AC process. | AC125SP50449 | UNIX all | - | A daemon happens to have the same name such as "agent", "watchdog" or "security.", issec will display these services as AC's processes. | Check if the process is the base service name. seosd, seoswd and seagent are the three base services that are registered in SEOS_syscall. Other processes are not. So we just need to check if the process is AC's base service or not. | 1) Test on Linux. 2) cp -ip /bin/sleep /tmp/agent 3) Create a script called /tmp/agent.sh: #!/bin/bash # /tmp/agent 300 4) Start AC (<AC_Instal_Path>/bin/seload). 5) Run: /tmp/agent.sh 6) Run: <AC_Instal_Path>/bin/issec --> See that it does NOT report /tmp/agent as an AC process in issec output. | 1744 | T243974 |
200 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where specifying shellprog in pmd native environment returns errors. | AC125SP50450 | Windows all | Shellprog property is not defined in database during creation. | Specify shellprog property for user creation/update in pmd native env | - | 1.Parent_pmd of unix endpoint is windows pmd 2.Create pmd on windows endpoint and subscribe unix endpoint 3.Host pmd@ in selang on windows 4.eu caac_test26 audit(logins loginf f trace) owner(nobody) password(Password-0) native(userid(7106) pgroup(jfcca) shellprog(/bin/bash)) expected result: 1."ERROR: Property not found" does not appear 2.su in pmd@ shows shell property | 562 | T4CC164 |
201 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder when if installed to a location other than default, selogrd need to reference the environment variable SHLIB_PATH for its dynamic load library. On HPUX, an additional command is required to activate the variable SHLIB_PATH | AC125SP50453 | HP-UX | SHLIB_PATH is not enabled for /opt/CA/eac/lib/snmp.sl. We need to run "chatr +s enable /opt/CA/eac/lib/snmp.sl" to enable SHLIB_PATH for use. | It is HPUX and AC is installed to a path other than default. | Run this command. chatr +s enable /opt/CA/eac/lib/snmp.sl | - | - | - |
202 | 2 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where failed logins are not captured when SELinux is set to enforcing mode. | AC125SP50454 | LINUX all | issue does not occur on AC 12.6, and is due to an interaction with selinux | reproducible on linux x86 RHEL 5.8 | Workaround is to upgrade to AC 12.6 or set selinux to permissive | Steps to reproduce : 1. Install Access Control 2.Set serevu_pam_seos and pam_enabled tokens to "yes" in /opt/CA/AccessControl/seos.ini 3.Start Access Control 4. Connect to selang 5. Create a user in selang nu testuser1 password(testuser1) audit(all) 6. Set serevu with the following values : /opt/CA/AccessControl/bin/serevu -d FOREVER -t 60s -f 3 -s 4m 7. Try telnet localhost with five wrong logins with the user Actual Output : pam_seos_failed_logins.log gets created but it doesn't capture failed logins Expected Output : pam_seos_failed_logins.log gets created in /opt/CA/AccessControl/log and contains records of failed logins NOTE : Failed logins get captured when selinux is in permissive mode. | - | - |
203 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where multiple executions for none existing files on Solaris fail. | AC125SP50457 | Solaris x86 | - | - | - | 1. Start AC (seload). 2. selang: AC> nu test01 password(test01) 3. Start AC trace ( secons -tc -t ) 4. ssh -l test01 localhost 5. Exit SSH session 6. Stop AC trace (secons -t-) and open AC trace (seosd*trace) | - | - |
204 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where reboot fails on Solaris 10 zone due to failed umount when running in global and internal zones. | AC125SP50458 | Solaris | AC kernel module file name resolving held and did not release v-node of mounted FS | NFS mounts in internal zones | Release v-node when going next loop | 1. Default AC installation 2. Installed Solaris NAS (NFS mounts in internal zones) 3. Start AC in global and both internal zones 4. in global zone try to reboot internal zones Expect: zone successfully reboots Actual: umount fails for internal zone | 1743 | T3DB122 |
205 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue where ControlMinder kernel extension does not load. | AC125SP50459 | AIX | getvar.sh incorrectly identified SEOS_syscall.530b as the kernel extension to use for AIX 5.3 TL 12 and above. However the new syscall was not introduced until TL 12 SP3, which caused a load failure for TL 12 below SP 3. | Problem occurs on AIX 5.3 with TL 12 below SP 3. | Workaround by upgrading to AIX 5.3 TL 12 SP3 or above. | On AIX 5.3 with TL 12 below SP 3, loading SEOS_syscall will fail with following error: Executing un/load exit file/usr/seos/exits/LOAD/SEOS_load_int.always. sysconfig[SYS_SINGLELOAD]:path(/usr/seos/bin/)module(/usr/seos/bin/SEOS_syscall ) err(8) : Exec format error | 1711 | T540130 RO46021 |
206 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where SEOS_put_look() failed to check for TCP STREAMS file before handling the message. | AC125SP50466 | Solaris | - | This occurs on system running X.25 based application. | The workaround is to use the STREAMS mode as the interception type. | - | 1746 | T3E7148 |
207 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where removing native user with appl property returns an error "Property not found". | AC125SP50467 | Windows all | The appl property is not defined in database during creation. | Specify appl property for user deletion in pmd native env | - | 1.parent_pmd of unix endpoint is windows pmd 2.create pmd on windows endpoint and subscribe unix endpoint 3.host pmd@ in selang on windows 4.eu testuser password(testuser) 5.ru testuser native appl(homedir=yes) expected result: "ERROR: Property not found" does not appear Please also test: 6.eu testuser native(gscon("test")) expected result: 1."ERROR: Property not found" does not appear 2.sg in pmd@ native env shows GSCON property 7.eg testgrp native(appl("test")) expected result: "ERROR: Property not found" does not appear | 562 | T4CC164 |
208 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where removing native user with appl property returns an error "Property not found". | AC125SP50468 | Windows all | groupid property is wrongly defined in database during creation. | Specify groupid property for group creation/update in pmd native env | - | 1.parent_pmd of unix endpoint is windows pmd 2.create pmd on windows endpoint and subscribe unix endpoint 3.host pmd@ in selang on windows 4.eg testgrp audit(a) native(groupid(100)) expected result: 1."ERROR: Property not found" does not appear 2.sg in pmd@ native env shows ID property | 562 | T4CC164 |
209 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where a LOGIN event showed up in audit when user invokes passwd command on himself. | AC125SP50469 | Solaris x86 | AC PAM sent a LOGIN event for passwd command. | - | - | - | 1752 | TC61277, TC61278, TC61279, TC61280, TC61281, TC61282, TC61283, TC61284 |
210 | 3 | Unix Endpoint User Mode | Fixes an issue where ControlMinder does not unload on RHEL 6.8 x86. | AC125SP50471 | Linux x86 | messagebus dbus-daemon is preventing AC kernel module unload because of a blocking accept syscall | - | - | On RHEL 5.8 x86 1. Start AC seload 2. Restart messagebus /etc/init.d/messagebus restart 3. Verify blocking syscall secons -scl shows blocking syscall 102 by dbus-daemon 4. Shutdown AC secons -sk 5. Attempted unload of AC fails SEOS_load -u | - | - |
211 | 3 | UNAB | Fixes an issue with UNAB where uxauthd deletes a user ticket every hour instead of deleting after ticket lifetime expiration. | AC125SP50475 | UNIX all | - | - | - | - | - | - |
212 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where shell becomes root after sesudo command. | AC125SP50476 | HP-UX | - | - | - | 1) Test on HPUX 11.23 IA64 2) AC> nu test01 password(test01) AC> nu dsofa password(123) AC> nr SUDO dsofa owner(nobody) defacc(none) AC> auth SUDO dsofa uid(test01) access(X) comment("bin/su - dsofa") 3) Start AC. 4) ssh -l test01 localhost 5) /opt/CA/AccessControl/bin/sesudo dsofa *;/bin/ksh | 1747 | TC61258, TC61259 |
213 | 2 | UNAB | Fixes an issue with UNAB where an Active Directory user's UNIX primary group was not found. | AC125SP50496 | UNIX all | AD user UNIX primary group was not found because of difference between userPrincipalName and sAMAccountName. | - | - | Login with AD user account with specific attributes. | - | - |
214 | 3 | UNIX Endpoint User Mode | Fixes an issue where ControlMinder can install even if entries that begin with a .(dot) exist in the target directory. | AC125SP50508 | UNIX all | The ls command by default does not list the entries that begin with a .(dot) on Linux/HP-UX/Solaris | Entries that begin with a .(dot) exist in target directory | No | Linux/Solaris/HP-UX 1. mkdir -p /opt/CA/AccessControl 2. touch /opt/CA/AccessControl/.a 3. ./install_base expected result: abort with the following error /opt/CA/AccessControl is not an empty directory. Please provide alternative installation directory. actual result: install_base continues install | - | - |
215 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the result of sepmd -t PMDB <offset> is not correct. | AC125SP50509 | Windows all | The offset of sepmd -t is incorrectly handled as hex. | Any value specified for the offset is handled as hex | - | 1. create pmd PMDB 2. input some rules into PMDB a. eg administrators native b. eg inf audit(logins loginf trace) native c. eu test1023 audit(logins loginf f trace) owner(nobody) pwasown(********) grace- profile(inf) native d. eu test1023 3. check PMDB command file > sepmd -C PMDB Offset Command ======== ========= 1) 0 eg administrators native 2) 608 (native domain) eg administrators native 3) 1216 eg inf audit(logins loginf trace) native 4) 2848 (native domain) eg inf audit(logins loginf trace)native 5) 3460 eu test1023 audit(logins loginf f trace) owner(nobody) pwasown(********) grace- profile(inf) native 6) 8212 (native domain) eu test1023 audit(logins loginf f trace) owner(nobody) pwasown(********) grace- profile(inf) native 7) 9576 eu test1023 4. truncate until offset 1215 ( expect to truncate command 1) and 2) ) > sepmd -t PMDB 1215 Truncating PMDB at 4629 5. check PMDB COMMAND file > sepmd -C PMDB Offset Command ======== ========= 1) 8212 (native domain) eu test1023 audit(logins loginf f trace) owner(nobody) pwasown(********) grace- profile(inf) native 2) 9576 eu test1023 commands from 1) to 5) are truncated unexpectedly. Also, the number value in truncate message is not correct | - | - |
216 | 3 | UNAB | Fixes an issue where UNAB fails to insert policy for host group name with special character. | AC125SP50512 | UNIX all | Fail to insert policy for host group name with special character, for example 'Cellcom's hosts'. | - | - | - | - | - |
217 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where ReportAgent crashes with core on KBL trace RAW record having empty data field. | AC125SP50513 | Windows all | - | - | Adding a check for empty Data for the Raw type, and bypassing data extraction in that case, prevents the crash. | 1. Stop AC 2. set kbl_enabled = 1 3. Start AC 4. invoke number of commands with sufficient output like "find ." and "ls -lhr" 5. Set Debug = 1 in accommon.ini and run ReportAgent task 4 in debug mode: ReportAgent -debug 0 -task 4 6. Expected that RA crash with core dump does not occur. | 1748 | T5P7196 |
218 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where a slash('/') of the root directory in audit record is missing when chrooted. | AC125SP50514 | LINUX all | A slash('/') of the root directory in audit record is missing when chrooted. | Access chrooted file/directory | Add a slash('/') to the current directory regardless of the parent is IS_ROOT. | 1. place proftpd-1.3.4a.tar.gz on /usr/local/src 2. tar zxvf proftpd-1.3.4a.tar.gz 3. cd proftpd-1.3.4a 4. ./configure --with-modules=mod_ifsession 5. make 6. make install 7. uncomment DefaultRoot in proftpd.conf 8. run proftpd I noticed that the /ftpdata was a separate file system according to hostsysinfo.txt in the support.tar.gz file. /dev/sda2 52427772 184372 49537252 1% /ftpdata For setting up a similar environment on LOD, I made a new filesystem in the following way. 1. Create a file to be used for a new filesystem # dd if=/dev/zero of=/root/ftpdata bs=1024 count=10240 2. Create a filesystem in the file # mkfs /root/ftpdata 3. Create a mount point # mkdir /ftpdata 4. mount the created filesystem to /ftpdata # mount -o loop /root/ftpdata /ftpdata For reproducing the problem, we need to create a user and the user's home directory in /ftpdata. # useradd kiban -d /ftpdata/SG001 # chmod 777 /ftpdata/SG001 The following AC rules need to be defined. ef /ftpdata/SG001 defacc(a) audit(a) owner(nobody) ef /ftpdata/SG001/* defacc(a) audit(a) owner(nobody) When you login to the proftpd server as user 'kiban', '/' between directory names disappears in the seos.audit log. This problem does not happen when /ftpdata is a simple directory in the root filesystem. | - | - |
219 | 3 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where PACL denies incorrectly with changed i-node, while the program is still trusted according to DB settings. | AC125SP50516 | UNIX all | Kernel module didn't find program in table by program path. Function "eAC_TrustPg_get_best()" searches program by full path but checks return value incorrectly. As a result, the executed script was not marked as "trusted script" and AC didn't apply viapgm rule. | Program "vi" changes program i-node when file is saved. | Kernel module function "eAC_TrustPg_get_best" changed. Previous code: --------------- if (path[0] == '/' && eAC_h_tbl_get() == 0 ) return OK; --------------- (condition lacks braces after &&) New code: if (path[0] == '/') { if (eAC_h_tbl_get() == 0 ) return OK; } | Prepare: # echo TEST > /tmp/test.txt # mkdir /home/work # vi /home/work/test.sh #!/bin/bash cat /tmp/test.txt Rule: AC> ef /tmp/test.txt owner(nobody) audit(all) defacc(N) AC> auth file /tmp/test.txt uid(*) acc(ALL) via(pgm(/home/work/test.sh)) AC> cr PROGRAM /home/work/test.sh flags(none) Recreate steps: 1. run test.sh # /home/work/test.sh ==> ALLOWED 2. edit test.sh and insert comment line # vi /home/work/test.sh insert line like ###### at bottom 3. run test.sh again # /home/work/test.sh ==> EXPECTED result is PERMIT and /home/work/test.sh is trusted program ==> ACTUAL is DENY | 1749 | T3DB126, T3DB127 |
220 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where HP-UX 11.11 crashed calling delay(). | AC125SP50518 | HP-UX | The delay() kernel function called by ac_w_lock_slot() is not available in HP-UX 11.11 or earlier version. Instead, the delay() function with different calling arguments from another kernel module was called. This led to system panic. | This only occurs on HP-UX 11.11. This may occur when multiple threads attempt to acquire a read or write lock on the AC kernel table. | - | - | 1745 | T3E7147 |
221 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where shell becomes root after sesudo command. | AC125SP50519 | UNIX all | - | - | Comprehensive solution for '*' in -c command. | - | 1747 | TC61291 TC61292 TC61293 TC61294 TC61295 TC61296 TC61258 TC61260 TC61261 TC61262 TC61259 TC61263 TC61297 |
222 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where seosd fails to start due to wrong filter in audit.cfg. | AC125SP50520 | Windows all | Allocated AuditMembersArray is not initialized with NUL, so its members point to invalid addresses, which are later passed to strncmp as a parameter. | - | Add initialization of allocated AuditMembersArray, checking filter tokens and return ERROR_PARSING_CFG_LINE for reporting to Application Log about wrong filter. | Set filter FILE;*;NT AUTHORITYSYSTEM;*;*; with missing last token and start AC. It exits with error "Abnormal termination Service Thread" in Application Log. | 529, 565 | T4CC145, T5P7199 |
223 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where the system panicked when eAC_MM_file_ok() called bcopy(). | AC125SP50522 | UNIX all | Unexpected arguments passed to eAC_MM_file_ok(). | This occurs when an intercepted execve event fails and AC is down. | When AC is down, there is no need to check Maintenance Mode. | - | 1750 | T3E7149, T3E7150 |
224 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where PACL denies incorrectly with changed i-node, while the program is still trusted according to DB settings. | AC125SP50523 | UNIX all | seosd process table function explicitly searched for match of device and inode in program table and sets run time flag "trusted=0". | Program "vi" changes program i-node when file is saved. | Change procserver.c, call trpgmmgr_GetBestEntry() instead of trpgmmgr_GetTrustedProgByDevice() | Prepare: # echo TEST > /tmp/test.txt # mkdir /home/work # vi /home/work/test.sh #!/bin/bash cat /tmp/test.txt Rule: AC> ef /tmp/test.txt owner(nobody) audit(all) defacc(N) AC> auth file /tmp/test.txt uid(*) acc(ALL) via(pgm(/home/work/test.sh)) AC> cr PROGRAM /home/work/test.sh flags(none) Recreate steps: 1. run test.sh # /home/work/test.sh ==> ALLOWED 2. edit test.sh and insert comment line # vi /home/work/test.sh insert line like ###### at bottom 3. run test.sh again # /home/work/test.sh ==> EXPECTED result is PERMIT and /home/work/test.sh is trusted program ==> ACTUAL is DENY | 1749 | T3DB126, T3DB127 |
225 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where an application error occurs by cainstrm. | AC125SP50524 | Windows 2008 | Failure related to instrumentation unload. | - | - | - | 569 | T5P7201 |
226 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where shell becomes root after sesudo command. | AC125SP50528 | HP-UX | - | - | - | - | 1747 | TC61291, TC61292, TC61293, TC61294, TC61295, TC61296, TC61258, TC61260, TC61261, TC61262, TC61259, TC61263, TC61297 |
227 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where the user is unable to delete a policy. | AC125SP50534 | Windows all | Because the hnode is deleted, the policy that is assigned to the hnode cannot be deleted. | A policy is assigned to one hnode. This hnode is deleted. Now, we cannot delete the policy. | Need code fixes for this problem. We cannot just check if the property EFFECT_ON is set with any value, we should check if there are actual objects for EFFECT_ON. | 1. policydeploy -store TestPolicy -ds c:ds.txt -uds c:컯xt -dms DMS__@ 2. policydeploy -assign TestPolicy -hnode node_name -dms DMS__@ 3. selang, AC>host DMS__@, AC>rr HNODE node_name Now, you'll have a problem to delete the policy TestPolicy. 4. policydeploy -delete TestPolicy#01 -dms DMS__@ Error: ERROR: Cannot delete policy version TestPolicy#01 as it is effective on some HNODEs | - | - |
228 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where an application error occurs on the application exit, and the application crashes on DB plugins. | AC125SP50535 | Windows all | Found and fixed several bugs related to instrumentation unload code. | - | Found and fixed several bugs related to instrumentation unload code. | Use instmstress QA utility with runasplg plugin configured to run on the utility. Expected result - utility finishes its work normally. Fault conditions - utility crashes. | 569 | T5P7201 |
229 | 3 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where grace count decreases to 2 for each login when Customer logs in on Windows 2008 R2(x64) as Domain Controller. | AC125SP50536 | Windows all | Dual login events are created and the AC sub auth package catches them | 1. DC on Windows 2008 R2 2. login after locking the screen | - | Windows 2008 R2(x64) as DC / AC R12.5 SP4 1. enable AC password class 2. create a test user with grace count 3. login DC by the test user via GINA 4. verify 1 grace count is decremented 5. lock the screen by open Start -> Lock 6. login DC again 7. verify dual LOGIN audit record appear and 2 grace count is decremented 07 May 2012 13:38:10 P LOGIN murte01 55 2 AD.test.com C:\Windows\System32\lsass.exe 07 May 2012 13:38:10 P LOGIN murte01 55 2 AD.test.com C:\Windows\System32\lsass.exe 8. add the reg value [HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\SeOSD] "GraceDecrementInterval"=5000(=5000 msec) 9. start AC and repeat step 5,6 10. verify dual LOGIN audit record appear and only 1 grace count is decremented | - | - |
230 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where an expired user password grace count is decremented after connecting each time to the host with selang "host" or "hosts" command. | AC125SP50540 | Windows all | - | - | When SeOSAgent recognizes this type of logon, it writes User and Domain to a specially named shared memory. eACSubAuth.dll, notified through the signaled event, reads this data from there and, by comparing it with the User/Domain that came from LSA, is able to recognize that the Logon actually is initiated by SeOSAgent, which allows it to avoid excessive authorization. | 1. Create user eu <hostname>tuser password(xxxxxx) admin eu <hostname>tuser grace(50) 2. Create and authorize terminal for other EP er terminal(<other EP>) defacc(R) audit(a) auth terminal(<other EP>) uid(tuser) acc(a) 3. From selang <other EP> host <hostname> uid(tuser) password(xxxxxx) OR Connect to <hostname> from EM. 4. Check on <hostname> decremented grace su <hostname>tuser | 565 | T5P7199 |
231 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where an "or" is observed in AccessControl_install.log during upgrade. | AC125SP50542 | UNIX all | Correct dir is /opt/CA/AccessControl/data/japanese_euc_jis-0208/etc/eACLicenseAgreementUNIX_japanese_euc_jis-0208.txt | Upgrade 12.5SP5 | - | 1.install AC12.5SP2 2.upgrade AC12.5SP5 3.check AccessControl_install.log | - | - |
232 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where sepmdpull allocates huge memory. | AC125SP50545 | UNIX all | Sepmdpull consumes huge memory when encrypt/decrypt keys or encryption package do not match with parent pmd. | Different encrypt/decrypt keys defined between parent pmd machine and subscriber machine. | Fix difference in encrypt/decrypt keys | 1. Install AC with default encrypt key on machine A 2. Install AC with different encrypt key on machine B 3. Set token parent_pmd to machine A Example:pmd1@machine B 4. Start AC on both machines 5. Run sepmdpull -a 6. verify sepmdpull will not allocate huge memory | 1766 | T4CC181 |
233 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where an application error occurs on the application exit and the application crashes on DB plugins. | AC125SP50546 | AIX | - | - | - | - | - | - |
234 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where MtM unsafe for plug-ins unload. | AC125SP50547 | Windows all | MtM unsafe for plug-ins unload | MtM unsafe for plug-ins unload | Removed MtM | See QA notes | 569 | T5P7201 |
235 | 2 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where the policy works only for the first 128 Windows groups. | AC125SP50550 | UNIX all | - | - | - | - | - | - |
236 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where selogrd on Solaris does not send SNMP traps. | AC125SP50552 | LINUX all | selogrd did not send by IPv4 where IPv6 fails | IPv6 fails | - | Environment: Solaris10, CA CM r12.6GA [STEPS] 1. I created a selogrd.ext file in $SEOSDIR/etc as follows. # cat selogrd.ext snmp /opt/CA/AccessControl/lib/snmp.so # ls -la selogrd.ext -rw-r--r-- 1 root root 39 4/ 20 12:36 selogrd.ext 2. I created a selogrd.cfg file in $SEOSDIR/log as follows. ==selogrd.cfg== SnmpTrap snmp miyhi02-xp-2 include Class(*FILE*) Code(*). <dot> ========== # ls -la selogrd.cfg -rw-r--r-- 1 root root 1347 4/20 13:09 selogrd.cfg expected result: snmp trap is sent to miyhi02-xp-2 | - | - |
237 | 2 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where even when DB rules allow, SURROGATE denies it. | AC125SP50554 | UNIX all | Wrong ACEE reference counting | - | This package makes two changes: 1) kernel function SEOS_procserver_update() will change references to "old" and "new" acee 2) kernel exit function will check real references in process table when reference counter is equal 1, meaning - last reference. | - | 1758 | T3DB128 |
238 | 3 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where seosd does not completely cleanup on shut down. | AC125SP50555 | UNIX all | AccessControl did not run full cleanup when seosd is killed by seoswd. | seosd dumps core when seoswd kills it and then seosd starts up. | Apply a new seosd that does a full cleanup. | It is hard to see the problem. It is a problem that ACEEH is associated incorrectly with process. A process got an incorrect ACEEH. Here are the steps that the client reproduced. 1. vi seos.ini kill_ignore = no 2. kill -7 [seosd's pid] 3. When AccessControl starts up, certain process got an incorrect username according to AccessControl. Please run test with step 1 and 2. If AccessControl can startup without any problem, then it works. | 1757 | T243979 |
239 | 1 | Unix Endpoint User Mode | Fixes an issue with ControlMinder where system crashes in fi_detach_q on HPUX due to the race condition between net_str_cached and AC detaching the queue. | AC125SP50556 | HP-UX | - | - | - | - | 1762 | TC61311 |
240 | 2 | Windows Endpoint Kernel Mode | Fixes an issue with ControlMinder where despite denial of operation while terminating seosd watchdog, ControlMinder does not log the audit message. | AC125SP50557 | Windows all | Loophole protection functionality overlapped with class process functionality. | Removed process termination mask from loophole protection, it should be covered by class process. | Removed process termination mask from loophole protection, it should be covered by class process. | Try to terminate seosd watchdog - see that despite denial of the operation, AC log contains no appropriate audit message. | 571 | T5P7202 |
241 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where system crashes in fi_detach_q on HPUX due to the race condition between net_str_cached and ControlMinder detaching the queue. | AC125SP50561 | HP-UX | order of the commands. | - | - | - | 1762 | TC61311 |
242 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where PACL for trusted script is ignored. | AC125SP50563 | UNIX all | Function ProcServer_get_info() checks if the current process is a trusted script (it is true), returns the current program (gzip) and ignores verification that old_arg0 is a trusted script and should be used instead. | - | Check old_arg0; if it is a trusted script, use it as the program name. | Not reproduced in Lab | 1759 | T3DB129 |
243 | 3 | UNIX Endpoint User Mode | Fixes an issue where ControlMinder returns incorrect UID in a cloning session. | AC125SP50564 | UNIX all | CM didn't get the uid correctly from /proc/[pid]/stat and that is why the user is not recognized correctly. | A user logs in via sshd. Files in /proc/[pid]/ are owned by root. After a restart of AccessControl, the user is recognized as "root". | We need to obtain the uid from /proc/[pid]/status. | There is no way to reproduce the problem. It happens only in certain system that is running with a certain login application. The reproducing steps are: login as test01. restart AccessControl. now test01 is recognized as "root". | 1776 | T243986 |
244 | 2 | Windows Endpoint User Mode | Fixes an issue with ControlMinder where an application error occurs on exit, and the application crashes on DB plugins. | AC125SP50566 | Windows all | - | - | - | - | 569 | T5P7201 |
245 | 1 | UNIX Endpoint Kernel Mode | Fixes an issue with ControlMinder where via pgm of internal commands is denied when running a trusted script with 'sh -c' access. | AC125SP50567 | UNIX all | Proc flag in user mode was not set as script. | - | - | - | 1759 | TC61300 |
246 | 2 | Windows Endpoint User Mode UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the following error appears in the policyfetcher.log: Error, failed to fetch policy status for HNODE "nodename" | AC125SP50568 | Windows all, UNIX all | If no policies exist for this node (endpoint), null is returned, and in that case the error message is printed (Error, failed to fetch policy status for HNODE "sweac01"). The error message is changed to a warning saying "No policies exist for this node as of now". | - | Changing Error message as a warning. | 1. Install endpoint pointing to ENTM Server 2. Before deploying any policies from DMS to endpoint observe below error message in policyfetcher.log (it exists under <EACInstallDir>/log). "Error, failed to fetch policy status for HNODE "nodename"". | 1764 | T4A5070, T4A5066, T4A5067, T4A5068, T4A5069 |
247 | 2 | UNIX Endpoint User Mode | Fixes an issue with ControlMinder where the policyfetcher consumes high CPU usage. | AC125SP50570 | UNIX all | If policyfetcher fails to send data and has already tried to re-connect to the current target, it gets into an infinite loop. | Policyfetcher fails data send/or receive twice on a target | - | - | 1767 | T4CC182, T4CC183 |