CA ControlMinder 12.6 SP3 FIXLIST
3920
24 October 2016
08 August 2016
No. | Severity | Module | Problem Summary | Package | OS | Cause of the problem | Conditions | Solution or Workaround | Reproduction Steps |
1 | 2 | Unix endpoint kernel mode | Fixes an issue where CA ControlMinder users experience a three to four second delayed response when clicking on menus in GROUPWARE Web. Packet analysis (using the Wireshark packet analyzer) revealed that around 2 of 5 SYNs sent did not receive ACKs. When ControlMinder is stopped or the stream is set to off, there is no problem. | AC126SP20754 | HPUX IA64 | Delays caused by AC flushq implementation speed | Enhance CA ControlMinder streams code to increase the flushq implementation process speed. | 1. Install Apache on HPUX 11.31 IA64 with AC 12.5 SP5. 2. Open the browser and enter http:// (server ip). This opens the default Apache web page, index.html. 3. While stream is ON, keep refreshing the index.html page. 4. Two to three second delays occur 2 - 3 times out of 5. 5. While stream is OFF, the delay never happens. |
2 | 2 | Win endpoint kernel mode | Fixes an issue where a CA ControlMinder customer receives a Stop Error screen | AC126SP20792 | Windows all | seosd memory corruption | 1. Install CA ControlMinder on a Windows 2008 x64 system with TM AV installed (ensure that both OS and AV are up to date). 2. Stop ControlMinder and change the QueueTimeout value from 10 to 1. 3. Add ControlMinder rules for file protection and network protection (this can be done by enabling class TCP and changing _default of class TCP to audit all). 4. Run netstress and fstress X 2 in an infinite cycle to produce stress on ControlMinder. 5. Run the following script: @echo off :begin @echo Start phase 1 time /t seosd -start wait 1200 @echo Start phase 2 time /t secons -s @echo Stop phase 1 time /t wait 1200 @echo Start phase 3 time /t net stop seosdrv @echo Stop phase 3 time /t wait 1200 seosd -start wait 1200 @echo Start phase 4 time /t net stop seosdrv @echo Stop phase 4.1 time /t secons -s @echo Stop phase 4.2 time /t wait 1200 goto begin. 6. Execute the test for at least 24 hours; if seosd crashes during the test, it is a separate issue. EXPECTED RESULT: - No Stop Error screen. (The driver verifier must be enabled). |
3 | 2 | UNAB | Fixes an issue where after UNAB , sudo denies access to users who previously had access | AC126SP20814 | Solaris Sparc | Sudo does not work with UNAB because the Solaris initgroups API, which calls the internal API _getgroupsbymember() that interacts with the NSS subsystem, incorrectly obtains the list of user groups, getting only the Active Directory groups when the user has a mix of local and Active Directory groups. | Set Active Directory user groups in pam_uxauth.so to ensure correct output from id -a and correct sudo operation. Note: customers with Active Directory users who are also members of local groups encountering the problem with 12.6SP2 |
4 | 2 | Unix endpoint kernel mode | Fixes an issue where a customer experiences delays when they attempt to refresh an application Web page by implementing syscall hooking for network events | AC126SP20927 | Solaris Sparc | Root cause is unknown | Httpd refresh of Web page | Implement syscall hooking for network events as a workaround to bypass STREAMS usage for network events. | |
5 | 2 | Unix endpoint user mode Unix endpoint kernel mode | Fixes an issue where a customer experiences delays when they attempt to refresh an application Web page by implementing syscall hooking for network events | AC126SP20927 AC126SP20928 | HPUX PA-RISC, HPUX IA64 | Root cause is unknown | Implement syscall hooking for network events as a workaround to bypass STREAMS usage for network events. | ||
6 | 2 | Unix endpoint kernel mode | Fixes an issue where a customer experiences delays when they attempt to refresh an application Web page by implementing syscall hooking for network events | AC126SP20867 | Solaris Sparc | Root cause is unknown | SSH tunneling, CM streams enabled. | Workaround in this package implements syscall hooking for network events to bypass STREAMS usage for network events. | |
7 | 3 | Unix endpoint user mode | Fixes a CA ControlMinder issue where Serevu is creating an audit event warning for root, even when root is authorized for access. | AC126SP20904 | LINUX all | The ControlMinder kernel detects the end of the gnome session and assumes it is a GDM logout event. On GDM logout, the kernel cleans the ACEE handler associated with the GDM session, and ControlMinder assigns the acee=1 (root) handler for GDM when starting. This ACEE is associated with other root processes, so logout removes ACEE=1, causing other root processes to be undefined. | root GDM logout | Configure the seosd to assign a new ACEE for LOGINAPPL root programs when starting. | 1. Log into root via GDM (GUI console) 2. Log into another root session via ssh 3. Start ControlMinder 4. Log out of root GDM 5. In the ssh session - 5.1 Run "sewhoami" - EXPECTED root - 5.2 Run secons -k 19 - EXPECTED RESULT: A few "gdm" processes are undefined user with other processes unchanged. |
8 | 1 | Unix endpoint kernel mode | Fixes an issue where the Enterprise Management Server on Solaris crashes when the explorer is launched. | AC126SP20929 | Solaris Sparc, Solaris x86 | ControlMinder and Dtrace unhook out of order, which, depending on which product starts first, results in a system panic or in being unable to unload SEOS_syscall. | AC and Dtrace hook and unhook out of order. | Start CA ControlMinder before Dtrace. Create a new token, called dtrace_coexistence, in the SEOS_syscall section in seos.ini. This token determines how ControlMinder co-exists with Dtrace. When the token is set to the default, 0, ControlMinder will hook and unhook as usual. When set to 1, ControlMinder will overwrite Dtrace interception and temporarily disable Dtrace interception. Restart Dtrace to re-enable Dtrace interception. When set to 2, ControlMinder will chain itself before Dtrace, unlike the usual LIFO method. | To reproduce the panic: 0. Reboot. 1. Load SEOS_syscall only. 2. Run a Dtrace script. For example, dtrace -n syscall:::entry'/pid == 333/{ @syscalls[probefunc] = count(); }' where 333 is inetd's PID. 3. Start ControlMinder. 4. Terminate the Dtrace script. 5. Re-run the Dtrace script. This will cause panic. |
9 | 3 | Unix endpoint user mode | Fixes an issue where CA ControlMinder crashed when loading SEOS_syscall | AC126SP20920 | Solaris Sparc | The system crash was due to loading the wrong SEOS_syscall kernel module, so the kernel function accessed the wrong pointer. | Modify the script and set "OSMIC=c" so it will load the correct module, then run SEOS_load -u and SEOS_load again so it calls "getvar.sh" and sets the appropriate SEOS_syscall link. | ||
10 | 1 | Unix endpoint kernel mode | Fixes an issue where ControlMinder experienced stack overflow when running Tripwire and CA ControlMinder | AC126SP20923 AC126SP20929 | Solaris Sparc, Solaris x86 | Problems occur when AC and Dtrace unhook out of order. Depending on which product starts first, it could result in a system panic or in being unable to unload SEOS_syscall. | AC and Dtrace hook and unhook out of order. | Solutions: 1. The minor fix for the SEOS_syscall unload problem is to reset the SEOSF_DISABLE_FAIL flag when AC has successfully enabled system call hooks. 2. The major fix is to check if Dtrace has been unhooked out of order when CA ControlMinder is trying to unhook. If so, restore the original function pointer stored in systrace_sysent and not the one in replace_sysc. This will prevent system panic. Workarounds: 1. Always start ControlMinder before running any Dtrace sessions. 2. When stopping ControlMinder, ensure that all Dtrace sessions have been terminated. If ControlMinder is stopped out of order, do the following: a. Restart ControlMinder. b. Make sure all Dtrace sessions are terminated. c. Stop ControlMinder. d. Restart ControlMinder. e. Stop ControlMinder and unload SEOS_syscall. | There are two issues in this problem. One will cause system panic and the other will prevent SEOS_syscall from unloading. To reproduce the panic: Reboot. 1. Load SEOS_syscall only. 2. Run a Dtrace script. For example, dtrace -n syscall:::entry'/pid == 333/{ @syscalls[probefunc] = count(); }' where 333 is inetd's PID. 3. Start AC. 4. Terminate the Dtrace script. 5. Stop ControlMinder (do not unload SEOS_syscall). 6. Restart ControlMinder. 7. Re-run the Dtrace script. This will cause panic. To reproduce the failure to unload SEOS_syscall: 0. Reboot. 1. Start ControlMinder. 2. Run a Dtrace script. (See above.) 3. Stop AC (do not unload SEOS_syscall). 4. Terminate the Dtrace script. 5. Restart ControlMinder. 6. Re-run the Dtrace script. 7. Terminate the Dtrace script. 8. Stop ControlMinder. 9. Unload SEOS_syscall. This will fail. |
11 | 2 | Win endpoint user mode Unix endpoint user mode | Fixes a CA ControlMinder issue where changing the +reportagent password for multiple endpoints results in garbled passwords | AC126SP20915 | Windows all | In the ACMQ_Management static library, ACMQCredentialsManagment_pre() conveys the value from property "OLD_PASSWD" instead of "CLR_PASSWD", which is used for updating acmqclient.dat. | Replace the property "OLD_PASSWD" with "CLR_PASSWD" in function ACMQCredentialsManagment_pre(). | 1. Stop ControlMinder 2. selang -l AC> eu +ReportAgent password(secret) grace- nonative 3. Run ReportAgent in debug: ReportAgent.exe -debug 0 -task 1 generates error [ACMQ TIBCO ERROR]: tibemsConnectionFactory_CreateConnection failed on line: 878 with error: 6; 4. Start ControlMinder 5. selang AC> eu +ReportAgent password(secret) grace- nonative 6. Stop ControlMinder 7. Run ReportAgent in debug: ReportAgent.exe -debug 0 -task 1 gives the same error. |
12 | 2 | UNAB | Fixes an issue with UNAB where the uxconsole -register command shows the final message: "Could not obtain a list of sites in <customer.site>." | AC126SP20909 | Unix all | uxconsole is restricted to a 1,000 site limit which is insufficient for the customer | Implement enhancement to update the uxconsole object code to use paged LDAP retrieval so it is no longer restricted to 1000 sites. | ||
13 | 2 | UNAB | Fixes an issue with CA ControlMinder where users are unable to log in with SSH keys. | AC126SP20900 | Unix all | The SSH daemon creates a core file | Check that the conversation function pointer is set before dereferencing/calling it, which avoids calling the conversation function when it is not set | ||
14 | 2 | Unix endpoint kernel mode | Fixes an issue where a file rule change involving a file covered by the GAC mask resulted in the GAC table not getting flushed | AC126SP20901 | Unix all | Activate the ControlMinder_DCMfileWash() function and call it when file rules have changed. | |||
15 | 3 | Unix endpoint user mode | Fixes an issue where after uninstalling UNAB the system-auth symbolic link becomes a real file | AC126SP20905 | LINUX all | Product uninstall overwrites the symbolic link and changes it to a real file. A check of the symbolic link is needed. | pam conf is symbolic link | Implement a new function "Check_jump_on_new_linux_pam()" after the conf_file=$1 line that checks if a symbolic link is needed and restores the real PAM config as a symbolic link | 1. cd /etc/pam.d 2. mv system-auth system-auth-ac 3. ln -s system-auth-ac system-auth 4. install ControlMinder 5. uninstall ControlMinder Expected result: symbolic link system-auth remains. Actual result: system-auth is a real file. |
16 | 3 | Unix endpoint user mode | Enhanced the sesudo utility with warning mode to verify resource and class WARNING mode. By default, warning messages are not printed unless the token "echo_command=yes" is set | AC126SP20894 | Unix all | ||||
17 | 2 | Win endpoint user mode Unix endpoint user mode | Fixes a CA ControlMinder issue where the AgentManager crashes during startup. | AC126SP20896 | Windows all Unix all | The VM image is not configured properly | Implement fix to reconfigure the VM image. | ||
18 | 3 | Win endpoint user mode | Fixes an issue with ControlMinder where PACL allows an asterisk to be defined as a program name, which does not actually work as a PACL. | AC126SP20897 | Windows all | An asterisk can be defined as a generic policy. | Don't specify an asterisk for PACL | 1. er FILE c:\temp\share\* owner(nobody) defacc(none) audit(a) 2. auth FILE c:\temp\share\* uid("Administrator") access(all) via(pgm(*)) Actual result: the auth command succeeds. However, Administrator can't access c:\temp\share\* even though the PACL exists. Expected result: Can't add a PACL with an asterisk |
19 | 3 | Unix endpoint user mode | Fixes an issue with ControlMinder where PACL allows an asterisk to be defined as a program name, which does not actually work as a PACL. | AC126SP20898 | Unix all | An asterisk can be defined as a generic policy. | Don't specify an asterisk for PACL | 1. er FILE c:\temp\share\* owner(nobody) defacc(none) audit(a) 2. auth FILE c:\temp\share\* uid("Administrator") access(all) via(pgm(*)) Actual result: the auth command succeeds. However, Administrator can't access c:\temp\share\* even though the PACL exists. Expected result: Can't add a PACL with an asterisk |
20 | 2 | Win endpoint user mode | Fixes an issue where an XUSER is not created when a domain user logs in. The XUSER is created only if the user that logs in to the system is a local user of the Windows Server and not if the user belongs to the same domain or a different domain of the Windows Server. | AC126SP20888 | Windows x64 | The 'Logon Session Id' is already mapped to the ACEE handle case and does not create XUSER. | 'Logon Session Id' was already mapped to the ACEE handle when the user logs in to the workstation. | 1. Remove XUSER/XGROUP and all FILE /GFILE rules 2. Log in 3. No XUSER has been defined. |
21 | 3 | Unix endpoint user mode | Fixes a CA ControlMinder issue where seversion crashes and generates segmentation fault errors | AC126SP20891 | LINUX x64 | Buffer overflow in seversion_search() | Bypass path to directories and secure by checking current array index in loop. | 1. Install CA ControlMinder on LINUX x64 RH 5.9 - 6.4. 2. Invoke seversion -a /opt/CA/AccessControl/lib 3. Expected result: Module Name: Version+(Min) Compilation Date ../lib/ N/A.N/A No Compilation Date Actual result: Segmentation fault (core dumped) |
22 | 4 | UNAB | Fixes an issue where UNAB is installed on Solaris with a Grid Control agent that is configured to work with PAM and all grid control functionality works fine except executing OS commands | AC126SP20892 | Unix all | Error in the 64-bit case code | Correct 64-bit case code and upload corrected official 64-bit pam_uxauth.so module. | ||
23 | 3 | Win endpoint user mode | Fixes a CA ControlMinder policy verification issue where policyfetcher attempts to copy the seosdb to a temp directory and run the policy script against the directory (seosdbpolicy_verification is set to yes). As a result an error is displayed in the policyfetcher.log and the policy is not deployed. | AC126SP20882 | Windows all | During the database backup, the seos.error and seos.audit files from the last policy verification were not removed | It is on Windows and it happens for the second policy deployment. There is no problem for the first deployment. | Apply the seosd.exe fix or turn policy_verification off. | In regedit set policy_verification = yes or 1. Create 2 simple policies and assign them to a GHNODE. 2. Add an endpoint to the GHNODE and wait for the next cycle of policyfetcher in the endpoint; an error appears in policyfetcher.log. For example, p1 and p2 are created. Assign p1 and p2 to a GHNODE TestGrp and run AC> er GHNODE TestGrp mem(endpoint). The two policies p1 and p2 will be fetched by the policyfetcher in the endpoint. Here is the error. 04:20:23@Mar 17 2013 - verification option: copy the database to C:\Program Files\CA\AccessControl\Data\deploy_check_db 04:20:23@Mar 17 2013 - verification option: failed to copy the database to C:\Program Files\CA\AccessControl\Data\deploy_check_db, rv = 631 |
24 | 3 | Unix endpoint user mode | Fixes a CA ControlMinder policy verification issue where policyfetcher attempts to copy the seosdb to a temp directory and run the policy script against the directory (seosdbpolicy_verification is set to yes). As a result an error is displayed in the policyfetcher.log and the policy is not deployed. | AC126SP20883 | Unix all | During the database backup, the seos.error and seos.audit files from the last policy verification were not removed | policy_verification is on. | Apply the seosd.exe fix or turn policy_verification off. | On the endpoint, vi seos.ini policy_verification = yes On the DMS__ server, create a policy and then assign the policy to this endpoint. |
25 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where the sudo program reads the resource warning mode but does not apply it for access rules. The sudo program does not check class SUDO in warning. | AC126SP20875 | Unix all | sudo does not apply warning mode when authorizing access | sudo rule in warning mode | If the sudo rule has warning mode, then allow access to the sudo resource and save the appropriate audit. | 1. Set sudo rules AC> er program /opt/CA/AccessControl/bin/sesudo defaccess(x) AC> nr SUDO rm data('/usr/bin/rm;-rf;') defaccess(n) warning 2. Log in as 'test' user and run % ./sesudo -list rm : /usr/bin/rm;-rf; $ touch /tmp/test $ ./sesudo rm -rf /tmp/test sesudo: You are not allowed to use '-rf' as parameter number 1. EXPECTED: allowed access and warning audit record. Test also SUDO class in warning mode: AC> so class(SUDO) flags+(W) |
26 | 2 | UNAB | Fixes an issue with UNAB where running uxauthd on multiple systems results in an error (ID 406823 user.error) when attempting to authenticate login | AC126SP20876 | Unix all | The SHM segment is removed by the process called shrdemon, which is part of the Toolgrade product. | Upload a uxauthd binary to keep the number of attached processes for UNAB's SHM segment at 1 | ||
27 | 3 | Unix endpoint user mode | Fixes a CA ControlMinder issue where the PMD loses connection to the localhost. | AC126SP20877 | Unix all | Authorization failed due to a coding issue where the uid is missing for seagent exit login. | Please see the reproduction steps. AC> env pmd must be run to reproduce the problem. | Workaround is to run "host localhost" again and reconnect to the database to get the uid in seagent exit. | 1. Log in as root or CM admin 2. AC> env Unix AC(UNIX)> nu user01, AC(UNIX)> ng TESTGRP AC(UNIX)> join user01 group(TESTGRP) AC(UNIX)> env seos AC> exg TESTGRP admin AC> auth terminal hostname.ca.com xgid(TESTGRP) access(all) 3. Log in as user01 and then run selang 4. AC> env pmd 5. AC> env seos AC> find user ----> You are not connected to any pmdb. You should not see the message above. |
28 | 3 | Unix endpoint user mode | Fixes an issue with ControlMinder on Linux X64 systems, where if the install_base script is run without any parameters, errors are displayed. | AC126SP20878 | All | Both tar.Z files in place are valid for the X64 system. | This must be run on a Linux X64 system with both the x86 and X64 packages in place. | For an X64 system, enter the parameter (./install_base _LINUX_X64_126.tar.Z) in the command line and do not let install_base guess. | On a Linux X64 system, place both _LINUX_126.tar.Z and _LINUX_X64_126.tar.Z in the same directory. Run ./install_base without any arguments, and the problem appears as below. ERROR: Installation file not found ERROR: Linux installation file is missing from ./ (./_LINUX_???.tar.gz) Aborting installation procedure |
29 | 2 | UNAB | Fixes an issue with UNAB where the UNAB PAM conflicts with Linux authconfig resulting in lost UNAB PAM hooks. | AC126SP20865 | LINUX all | The authconfig utility on AS 5.x and 6.x re-writes system-auth (and password-auth if it exists) so UNAB PAM hooks are lost. | authconfig conflict with UNAB PAM hooks. | The UNAB PAM install script will modify system-auth (and password-auth if it exists) to be a link to system-auth-cm so UNAB PAM hooks will not be stepped over by authconfig, which will make its changes in system-auth-ac (and password-auth-ac if it exists). We've introduced a tool that merges authconfig changes into system-auth (and password-auth if it exists). | Run 'authconfig --update' after installing UNAB. system-auth (and password-auth if it exists) will no longer have UNAB PAM hooks. |
30 | 3 | Win endpoint user mode | Fixes an issue where a CA ControlMinder RDP login session takes 20 to 30 seconds to disconnect | AC126SP20869 | Windows all | Applied TERMINAL rule auth access(none) causes a delay before closing the RDP connection. | Apply previous fix so that the terminal service thread will not resolve hostnames of unneeded sessions | ||
31 | 3 | Win endpoint user mode | Fixes a CA ControlMinder issue where a false successful audit log record is generated when adding a user that is found in the USER class to the XUSER class. | AC126SP20870 | Windows all | It always returns success regardless of whether or not the user exists in a different class. | When adding an AC user, the same user already exists in the xuser class; when adding an OS user, the same user already exists in the user class | 1. Install ControlMinder with OS user enabled. 2. Create a user in user class AC> eu (user) audit(all) (localhost) Successfully created USER ENU\administrator 3. Create the same user in xuser class AC> exu () audit(all) (localhost) ERROR: Failed to create XUSER ERROR: USER (user)r already exists in database. Expected result: audit record of exu command is Fail. Actual result: audit record of exu command is Success 25 Feb 2013 19:34:17 S UPDATE XUSER (user) |
32 | 3 | Unix endpoint user mode | Fixes a CA ControlMinder issue where a false successful audit log record is generated when adding a user that is found in the USER class to the XUSER class. | AC126SP20870 AC126SP20871 | Unix all | It always returns success regardless of whether or not the user exists in a different class. | When adding an AC user, the same user already exists in the xuser class; when adding an OS user, the same user already exists in the user class | 1. Install ControlMinder with OS user enabled. 2. Create a user in user class AC> eu (user) audit(all) (localhost) Successfully created USER ENU\administrator 3. Create the same user in xuser class AC> exu () audit(all) (localhost) ERROR: Failed to create XUSER ERROR: USER (user)r already exists in database. Expected result: audit record of exu command is Fail. Actual result: audit record of exu command is Success 25 Feb 2013 19:34:17 S UPDATE XUSER (user) |
33 | 2 | Unix endpoint user mode | Fixes an issue with CA ControlMinder 12.6 SP1 on the AIX environment where General messages from serevu on syslog have ERR category. | AC126SP20872 | Unix all | seagent handshake not ready which created a CRIT handshake failed message | install CM with fips only | Implement fix (T4CC213) to delay startup of serevu 60 seconds before calling handshake with seagent to prevent CRIT handshake failed message. | 1. Install ControlMinder with OS user enabled. 2. Create a user in user class AC> eu (user) audit(all) (localhost) Successfully created USER ENU\administrator 3. Create the same user in xuser class AC> exu () audit(all) (localhost) ERROR: Failed to create XUSER ERROR: USER (user)r already exists in database. Expected result: audit record of exu command is Fail. Actual result: audit record of exu command is Success 25 Feb 2013 19:34:17 S UPDATE XUSER (user) |
34 | 2 | Unix endpoint user mode | Fixes a CA ControlMinder issue where a monitoring tool detects a possible private memory usage of selogrd, at a rate of 132 KB every 6 hours | AC126SP20859 | Unix all | Shared libs are not freed causing selogrd memory leak | Configured selogrd to use shared objects, i.e. SNMP shared objects | Configure selogrd to use shared objects (i.e. SNMP) so shared libs are not freed on restart. | 1. Create ./etc/selogrd.ext with the content cat snmp /opt/CA/AccessControl/lib/snmp.so 2. Create ./log selogrd.cfg with the content CACM_SNMP_Warning snmp <hostname> include Class(*FILE*) Code(W). <dot> CACM_SNMP_Deny snmp <hostname> include Class(*FILE*) Code(D). exclude access(*Read*). exclude access(*Exec*). exclude access(*Chdir*). <dot> 3. Run selogrd 4. Observe the process size of selogrd periodically with ps -axl |
35 | 3 | Win endpoint user mode | Fixes an issue where CA ControlMinder customers using a Japanese string as XGROUP receive a garbled string with the secons -checkSID -groups command. | AC126SP20860 | Windows all | Object name was not converted from UTF8 to Multibyte | object name of class is MB. | Convert object/account name from UTF8 to Multibyte | 1. Create Japanese objects in some classes (e.g. user, group, etc.) 2. Run dbmgr -dump l <class> 3. Verify that the object name is not garbled. |
36 | 3 | Win endpoint user mode | Fixes an issue where CA ControlMinder customers using a Japanese string as XGROUP receive a garbled string with the secons -checkSID -groups command. | AC126SP20862 | Windows all | Account name was not converted from UTF8 to Multibyte | Japanese xgroup created in seosdb | Convert object/account name from UTF8 to Multibyte | 1. Create Japanese objects in some classes (e.g. user, group, etc.) 2. Run dbmgr -dump l <class> 3. Verify that the object name is not garbled. |
37 | 2 | Unix endpoint kernel mode | Fixes an issue with CA ControlMinder where an error message is displayed when starting CA ControlMinder on an application appliance. | AC126SP20863 | LINUX x64 | Unsupported appliance configuration. | Upgrade the appliance to a supported kernel version. | ||
38 | 2 | Unix endpoint user mode | Fixes an issue where the UNAB PAM installer does not update the file with pam_seos.so binaries due to a conflict with authconfig. | AC126SP20864 | LINUX all | The problem occurs because the authconfig utility on AS 5.x and 6.x re-writes system-auth (and password-auth if it exists) so UNAB PAM hooks are lost. | authconfig conflict with CM PAM hooks. | Introduce a UNAB PAM post-install script that allows ControlMinder to coexist with 'authconfig' modifications to PAM configuration files. The script merges authconfig changes into system-auth (and password-auth if it exists) to be a link to system-auth-cm so UNAB PAM hooks are not stepped over by authconfig, which will make its changes in system-auth-ac (and password-auth-ac if it exists). The README file explains how to use the script. | Run 'authconfig --update' after installing CM. system-auth (and password-auth if it exists) will no longer have CM PAM hooks. |
39 | 3 | Unix endpoint user mode | Fixes a UNAB issue where it takes Active Directory users using SSH four to ten minutes to log in when the shell name is not set correctly. | AC126SP20850 | Unix all | When KBL is enabled, it tries to look up the client IP address in DNS and KBL Audit Manager stops | kbl_enable = yes. The system uses /bin/ksh93. The problem is that it takes a long time to log in. | Implement a new cmdlog design to let the login process execute cmdlog only. | On a RedHat Linux x64 system, the default shell is /bin/ksh93 with kbl_enabled = yes. |
40 | 2 | Unix endpoint user mode | Fixes an issue with CA ControlMinder on AIX where General messages from serevu on syslog have ERR category. | AC126SP20872 AC126SP20851 | Unix all | seagent handshake not ready which created a CRIT handshake failed message | Implement fix (T4CC213) to delay startup of serevu 60 seconds before calling handshake with seagent to prevent CRIT handshake failed message. | install CM with fips only, set "serevu = yes" in seos.ini, start CM and check syslog | |
41 | 2 | Unix endpoint user mode | Fixes a ControlMinder issue where if there are 2 HOSTNET rules defined as class B and Class C, Class B can be found but Class C is found on BIG ENDIAN. | AC126SP20843 | Unix all | ENDIAN is not checked for the mask, which is handled the same on all platforms. | 1. BIG ENDIAN 2. There are 2 rules for HOSTNET defined as class B and Class C | Rule: editres HOSTNET ("1025000") audit(FAILURE) owner('nobody') mask(255.255.0.0) match(10.250.0.0) authorize HOSTNET ("1025000") access(NONE) service(*) editres HOSTNET ("1025030") audit(FAILURE) owner('nobody') mask(255.255.255.0) match(10.250.3.0) authorize HOSTNET ("1025030") access(all) service(*) 1. Enable HOST class 2. Log in from 10.250.3.x Expected result: Access allowed by HOSTNET ("1025030") Actual result: Access denied by HOSTNET ("1025000") | |
42 | 2 | Win endpoint user mode | Fixes a ControlMinder issue where if there are 2 HOSTNET rules defined as class B and Class C, Class B can be found but Class C is found on BIG ENDIAN. | AC126SP20845 | Solaris Sparc | Prioritization of the mask is not correct. | There are 2 rules for HOSTNET defined as class B and Class C. | Rule: editres HOSTNET ("1025000") audit(FAILURE) owner('nobody') mask(255.255.0.0) match(10.250.0.0) authorize HOSTNET ("1025000") access(NONE) service(*) editres HOSTNET ("1025030") audit(FAILURE) owner('nobody') mask(255.255.255.0) match(10.250.3.0) authorize HOSTNET ("1025030") access(all) service(*) 1. Enable HOST class 2. Log in from 10.250.3.x Expected result: Access allowed by HOSTNET ("1025030") Actual result: Access denied by HOSTNET ("1025000") | |
43 | 3 | Unix endpoint user mode | Fixes a UNAB issue where cmdlog generates the wrong ut_id and the KBL agent updates the wtmp file with the wrong id. Two login sessions have the same ut_id. When one session terminates it affects another session with the same id. | AC126SP20846 | AIX | cmdlog generates the wrong ut_id and the KBL agent updates the wtmp file with the wrong id. Two login sessions have the same ut_id. When one session terminates it affects another session with the same id. | KBL enabled | kbl_build_new_utmp() builds a unique id from the utmp line | 1. Set in seos.ini kbl_enabled = yes 2. Start CM 3. Log in as root (other host)> ssh my_host -l root (my host)# who -m root pts/4 Feb 27 20:04 (other host) 4. Log in as test > ssh ismeax14 -l test (my host)$ who -m test pts/6 Feb 27 20:05 (other host) 5. Log out test 6. Check root's "who -m" (my host)# who -m root pts/4 <------------------ missing date and terminal EXPECTED: the same output as in step 3 |
44 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where startup fails on AIX when EnablePolicyCache is set to 'yes' | AC126SP20847 | Unix all | Policy cache fetches a property which does not exist. The SDBIO layer returns SDBIO_E_ALLOCFAILED when trying to allocate 0 bytes of memory | "EnablePolicyCache=yes" | sdbio will return 0 if the property does not exist (DBIDX_E_NOTFOUND) before trying to allocate 0 bytes | Set "EnablePolicyCache=yes" in seos.ini and start CM. Result: CM fails to start |
45 | 2 | Unix endpoint kernel mode | Fixes a ControlMinder issue where executing a chroot command using a mounting point as its new root generates an error message | AC126SP20848 | LINUX all | See Invest. notes and Problem summary above. | This occurs on Linux kernel 3.0 or greater and the new root for the chroot command is a mounting point. | Identify the correct lock for vfsmount struct access. | |
46 | 3 | Unix endpoint kernel mode | Fixes a ControlMinder issue where a generic shell script is incorrectly recognized as a protected program when seosd trace is enabled. | AC126SP20834 | Unix all | Checked if it's a shell script whenever EXEC is sent to seosd | seosd trace is enabled; file access is allowed via pgm; file access is done by the via pgm through sesu; sesudo is called from generic shell scripts | 1. Create work dir/file: mkdir /tmp/test chmod 777 /tmp/test touch /tmp/test/date.log 2. Create shell scripts test.sh and sesudo.sh: /tmp/test.sh #!/bin/sh echo `date` > /tmp/test/date.log /tmp/sesudo.sh #!/bin/sh /opt/CA/AccessControl/bin/sesudo test 3. Give the permissions: chmod 777 /tmp/sesudo.sh chmod 777 /tmp/test.sh 4. Create AC policies: eu murte01 password(murte01) editres FILE ("/tmp/test/*") audit(ALL) defacc(READ) owner('root') authorize FILE ("/tmp/test/*") acc(a) id('*') via(pgm(/tmp/test.sh)) er program /opt/CA/AccessControl/bin/sesudo defacc(x) editres SUDO ("test") audit(FAILURE) comment('/tmp/test.sh;;*') defacc(NONE) owner('nobody') targuid('root') authorize SUDO ("test") acc(EXECUTE) uid('murte01') 5. Run sesudo.sh: sesudo.sh Expected result: run is successful. Actual result: file access to "/tmp/test/*" is denied. |
47 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where a user account that was created without a password is not disabled | AC126SP20838 | Unix all | In order to reproduce the problem, the user's password in /etc/shadow is left with * only. | Please apply the fix seagent. | AC> eu user01 Unix vi /etc/shadow, please make sure there is a char * in the encryption field. AC> eu user01 enable Unix vi /etc/shadow again, the * is gone, leaving the password field empty. | |
48 | 2 | Win endpoint user mode | Fixes a ControlMinder issue where the ReportAgent cuts off the value of the Distribution_Server for more than 6 URLs due to insufficient buffer size (255 bytes) | AC126SP20840 | Windows all | Enlarge size of ServerURL to 2048 bytes and add tibems function for getting server URL currently activated. | |||
49 | 2 | Unix endpoint kernel mode | Fixes a ControlMinder issue where a Java process stopped responding because the realpath code that does the readdir() calls did not limit the number of calls to avoid a loop. | AC126SP20825 | HPUX PA-RISC, HPUX IA64 | AC realpath code that does the readdir() calls did not limit the number of calls to avoid a loop. | Java process blocking AC unload. | ||
50 | 3 | Unix endpoint kernel mode | SPECIALPGM FULL bypass flag ignored | AC126SP20817 | Unix all | There is a window between starting interception and pushing to the kernel process table. Some processes may enter the CM handler before an entry is created in the kernel process table. As a result the process is missing bypass flags. | SMP machine, specialpgm full bypass, CM startup | 1. changes ProcServer_1st_round2kernel() to discover specialpgm bypass flags; 2. changes kernel function SEOS_procserver_update() and updates flags saved in kernel. | Original issue discovered on HPUX. The problem of not bypassed processes was reproduced. The home made program /opt/rational/clearcase/etc/albd_server generated 200 processes running setuid calls. Program was defined for bypass in DB: AC> nr specialpgm /opt/ibm/RationalSDLC/clearcase/hp11_ia64/etc/db_server pgmtype(FULL). After starting /opt/rational/clearcase/etc/albd_server some child processes appeared in trace. |
51 | 3 | Unix endpoint kernel mode | Fixes an issue with ControlMinder where kernel handler for device protection returns invalid error | AC126SP20818 | Solaris Sparc | kernel handler for device protection returns invalid error | CM device protection enabled | Ignore FIFO device in mknod handler | seos.ini "file_rdevice_max = 100" start CM mkfifo /tmp/myfifo mkfifo: No such device EXPECTED: no errors |
52 | 3 | UNAB | Fixes an issue with UNAB where on startup the CASHCOMP value was not used because the token was set with quotes (") | AC126SP20822 | LINUX x64 | ||||
53 | 2 | Unix endpoint kernel mode | Fixes a ControlMinder issue where Red Hat 6 Workstation was not recognized and therefore the module could not load. | AC126SP20806 | LINUX all | Workstation was not certified. Adding support with this package. | getvar.sh was updated to detect Workstation | ||
54 | 2 | Unix endpoint kernel mode | AC126SP20793 | Solaris Sparc | |||||
55 | 3 | Win endpoint user mode | Fixes a ControlMinder issue where, during a Remote Desktop session, the "Password Expire" screen is displayed instead of the "Locked out" screen even though the grace count reaches zero. | AC126SP20798 | Windows all | In a certain condition of terminal authentication we adjust the grace count, i.e. increment by 1 for a later decrement. If the grace count from the previous terminal authentication is already 0 when we adjust it, seosd fails to deny on grace count. | Perform remote RDP login when the user's grace count is 0. | 1. On Box-B, Install AC and reboot. 2. Stop AC Set registry GraceCountForMessage 3 Set TermSrvTimeout 10000 (10 sec) or more. Start AC AC> so class+(PASSWORD) AC> nu test01 password(password) AC> cu test01 grace(0) 2. RDP login from Box-A to Box-B with user "test01" Expected result: "The referenced account is currently locked out" Actual result: "Your password has expired and must be changed" |
|
56 | 3 | Unix endpoint user mode | Fixes a CA ControlMinder issue where attempting to connect to an endpoint that is running ControlMinder 5.1 resulted in an error message. | AC126SP20765 | Unix all | It is a side effect from AC126SP11253. | We need to install 12.6 SP1 on one endpoint and install 5.1 on another endpoint and then try to connect from 12.6 SP1 to 5.1. | Please apply the files seagent, sepmdd and selang. | Install 12.6 SP1 on one endpoint. Install 5.1 on another endpoint, note that we don't support this version anymore. Log on to the 12.6 SP1 endpoint, and then run AC> host endpoint51. On endpoint51, terminal class is disabled: AC> so Class-(TERMINAL). We'll get the error saying: ERROR: Unpacking of data failed (Client command) (10075) |
57 | 3 | Unix endpoint user mode | Fixes the description in the seos.ini file for the suid_cache_max token | AC126SP20766 | Unix all | ||||
58 | 2 | Unix endpoint kernel mode | Fixes a memory handling problem in ControlMinder SEOS_syscall | AC126SP20768 | Unix all | Faulty code. | Child trying to access parent's memory after parent exits | Fix code to dynamically allocate memory and copy parent's memory to child's. | |
59 | 2 | Unix endpoint kernel mode | Fixes a ControlMinder issue where attempting to start the agent with SEOS_load on CentOS 6.2 (2.6.32-220.el6.i686) fails with no errors in dmesg | AC126SP20750 | LINUX x86 | SEOS_systable_init() should no longer be used and will be removed completely in AC127 and later | Loading kernel module fails on CentOS 6.2 (2.6.32-220.el6.i686) | No workaround. Solution is to apply fix | Not able to reproduce at CA. At customer site trying to load with SEOS_load on CentOS 6.2 (2.6.32-220.el6.i686) fails with no errors in dmesg |
60 | 2 | Unix endpoint user mode | Fixes a performance issue with ControlMinder where customer experienced delayed responses when running the seaudit -n parameter | AC126SP20752 | Unix all | seaudit tries to get the IP address of each _CRONJOB_. | Many LOGIN/LOGOUT records with _CRONJOB_. | ||
61 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue on AIX where a username with more than 8 characters causes the API function that is used to update the password to fail. | AC126SP30099 | Unix all | AIX system API functions don't support usernames that are more than 8 characters. | We'll have to pick an AIX system that doesn't support long usernames (more than 8 characters). | Please pick a user whose name is more than 8 characters. AC> eu longusername01 password(xxxxxx) Please check /etc/security/passwd. The shadow password is not updated. | |
62 | 1 | Unix endpoint kernel mode | Fixes a ControlMinder issue where the interception code fails to handle *socket_addr and *socket_len passed as NULL into accept system call | AC126SP30007 | HPUX PA-RISC,HPUX IA64 | AC's interception code fails to handle *socket_addr and *socket_len passed as NULL into accept system call. When AC is running with SEOS_use_streams set to no and SEOS_network_intercept_type set to 2, it intercepts both connect and accept system calls. The connect and accept system calls are responsible for establishing a socket connection. When executing start_all to start Control-M, it appears to be hung. It is blocked when starting its Naming_Service. During Naming_Service's startup it creates a socket and listens for any connection request. It calls the accept system call to wait for and accept incoming connections. When making an accept system call, you need to specify the socket descriptor which you are listening to, an address of an area to receive the incoming connection's socket information, and an address of the length of the socket area. Naming_Service, however, uses an unusual way of calling accept. It does not provide an address to receive the client's socket information. This means it accepts any connection blindly. The root cause is that when AC intercepts the accept call, it checks the input parameters and finds they are NULL pointers, so it returns an EFAULT error. When the accept call fails, Naming_Service will retry after a short wait. With each retry it waits a little bit longer. In this case, it falls into this cycle indefinitely until AC is stopped and no longer intercepts the call. The fix is to ignore the NULL pointer in AC interception code and let the underlying system call function handle it. | Handle NULL pointer in my_accept, my_accept2, my64_accept and my64_accept2. | On a system set up with Control-M. 1. Start AC with SEOS_use_streams=no SEOS_network_intercept_type=2. 2. Start Control-M by executing start_all as Control-M admin. 3. After entering password, it will hang. To get out, stop AC and Control-M will start successfully. To check the status of Control-M, execute check_all. To stop Control-M execute stop_all. |
|
63 | 2 | Unix endpoint user mode | Fixes an issue where pam.conf.uxauth.bk has reference to '#_uxauth' | AC126SP30128 | Unix all | ||||
64 | 3 | Unix endpoint user mode | Fixes an issue with UNAB when the ReportAgent failed with core dump on KBL audit records | AC126SP30130 | Unix all | See Invest. notes | Add check szKBLSessionType and szKBLSessionID to condition detecting "Raw" type. | ||
65 | 2 | Win endpoint user mode | Fixes a ControlMinder issue where TERMINAL class rules including wildcards in terminal name or IP address have no effect on authorization result | AC126SP30122 | Windows all | See Investigation mode | Added search TERMINAL objects matched client host name or IP in generic resource table ( objects with wildcards ). | On CM endpoint A: 1. Stop CM and specify TerminalSearchOrder = name,RDPIP in HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\SeOSD 2. Create user tuser. 3. Verify RDP login to A from host B for tuser. 4. Start CM 5. Create CM user tuser. eu tuser owner(nobody) 6. Create TERMINAL rule for IP of host B using wildcard like: er terminal(130.119.179.*) owner(nobody) defaccess(none) and check RDP connection from B. Expected result: Denied login Actual result: Permit login |
|
66 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where if KBL is enabled the command "logout" fails. | AC126SP30112 | Unix all | in cmdlog break main loop if input from user is "logout" | reproduced however error is different 1. install CM 2. seos.ini kbl_enabled=yes 3. logon to the system 4. # logout 3004-064 You must be the login user. |
||
67 | 2 | Unix endpoint user mode | Fixes a ControlMinder issue where error messages are displayed on startup | AC126SP30098 | LINUX s390 | In agent_manager.sh 1. OSMAJ is undefined 2. the same /tmp/_jver file is used and removed as in report_agent.sh | On Linux s390 configure CM for sending reports and for PUPM. Start CM running seload and verify output. | ||
68 | 3 | Win endpoint user mode | Fixes a ControlMinder issue where executing the command "dmsmgr -config- -endpoint" tries to remove nonremovable record and resulted in an error message | AC126SP30086 | Windows all | 1. Run CM 2. "dmsmgr -config -endpoint" 3. "dmsmgr -config- -endpoint" prints (localhost) ERROR: Failed to delete record from database Record is marked as nonremovable and produces audit record for failed command: "F UPDATE HNODE tzual01w3srv\\Administrator 305 0 __local__ tzual01w3srv rmres HNODE __local__" |
|||
69 | 3 | Unix endpoint kernel mode | Fixes a ControlMinder issue where user cannot run the chmod command while the agent is running | AC126SP30090 | LINUX s390 | CM kernel wrapper my_execve32() fails to get file name for /bin/chmod | java 32-bit on s390x 64-bit RH6 or SUSE 11 | fix my_execve32() to mask input file name pointer | On 32-bit java Create simple java code to call "chmod <test/dir>" Start CM Run java, it shows an error: Cannot run program "chmod": java.io.IOException: error=14, Bad address EXPECTED: no errors |
70 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where running the support.sh script on Solaris 11 generates error messages | AC126SP30080 | Unix all | See Invest.notes. | Solaris 11. | On Solaris 11, the standard /usr/bin/ps command supports all options from the UCB version of ps. For Solaris 11, use /usr/bin/ps instead of /usr/ucb/ps. On Solaris 11, if the showrev command does not exist then do not execute it. Everything showrev shows is available in the "uname -a" command. | On a Solaris 11 system, execute "support.sh". |
71 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where the agent crashed on shutdown | AC126SP30081 | Unix all | entering termination procedure twice | unknown | do not enter seosd termination twice | |
72 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue with selang where entering commands caused the agent to crash | AC126SP30074 | Unix all | See "Invest.notes". | trailing blanks. | Save the memory pointer for the free call later. | |
73 | 2 | Unix endpoint user mode | Fixes a ControlMinder issue where the issec command displayed processes named 'watchdog' as belonging to ControlMinder | AC126SP30071 | Unix all | ||||
74 | 2 | Win endpoint user mode | Fixes a ControlMinder issue where memory corruption occurred on systems with non-typical network configuration. The networks use NetBIOS over TCP/IP for name resolution, with specifications in the hosts file like "IP NETBIOSNAME" which do not include the FQDN of the remote machine | AC126SP30051 | Windows all | auth_GetObjWithFQDN() invokes strcpy((char *)originalObjectName, podf->szOName); that writes to memory after the end of the heap allocated buffer as follows: originalObjectName was allocated exactly to the size of the NetBIOS name "BBB00666" to which the RDP client host was resolved on the AC endpoint in this concrete network configuration; the podf->szOName buffer contained the longer "BBB00666.corp.orix.local" FQDN from the TERMINAL object definition. | Fixed by reallocating the memory addressed by originalObjectName to the size matching the predefined szOName buffer size. | Repeat RDP connect/disconnect from remote host to AC endpoint authorized through TERMINAL rules. The memory corruption occurred on a system with a non-typical network configuration using NetBIOS over TCP/IP for name resolution, with specifications in the hosts file like "IP NETBIOSNAME" which do not include the FQDN of the remote machine. Testing on hosts having common network settings did not detect the issue. | |
75 | 2 | Unix endpoint kernel mode | There is a defect in X86_64 Solaris. The modctl system call returns an invalid return code that prevents AC from determining if SEOS_syscall kernel module is loaded or not. When this happens, AC relies on the existence of the SEOS_syscall entry in the /etc/name_to_sysnum file to determine if SEOS_syscall is loaded or not. When this SEOS_syscall entry in /etc/name_to_sysnum is out of sync with SEOS_syscall module's load status, it causes the problem. | AC126SP30053 | Solaris x86 | The reason the SEOS_syscall entry is out of sync with SEOS_syscall is because RC scripts, K28SEOS and S68SEOS insert the SEOS_syscall entry to /etc/name_to_sysnum to be a placeholder to prevent other products from using this system call slot. | See Invest.notes. | Removing handling of name_to_sysnum in S68SEOS and K28SEOS. | 1. Install AC. 2. Optionally start AC and shut down AC. 3. Reboot system with or without AC kernel loaded. 4. Don't start AC during or after booting. 5. Try to telnet to the system using a user account that has Korn Shell as its default shell. 6. Connection will be rejected. |
76 | 2 | Win endpoint kernel mode | Fixes a ControlMinder issue where DAYTIMERES option does not enforce "restrictions(days(AnyDay) time(0100:1000))" in TCP inbound connection | AC126SP30043 | Windows all | See description | See description | Fixed driver code to correctly handle the scenario | |
77 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where the seaudit -a command causes the utility to crash and the default -tr causes the utility to continuously process data | AC126SP30045 | Unix all | 1. Attempt to reference data of NULL pointer (dbx) where [1] rle_ExpandBuff(src = (nil), size = 140, dest = 0x106b20, rectype = 5), line 138 in "rle.c" =>[2] auditlog_ReadNextRecord(pFilter = 0x106638, plfAudit = 0x11725c, offs = 0xffbfd738, plr = 0xffbfd698, data = 0x106b20, pDataSize = 0xffbfd688), line 513 in "audit_read.c" [3] auditlog_GetNextRecord(offs = 0xffbfd738, p = 0xffbfd730), line 343 in "audit_lib.c" [4] ListLogFileLoop(count = 0xffbfdba8), line 177 in "auditlog.c" [5] ListLogFile(), line 235 in "auditlog.c" [6] main(argc = 8, argv = 0xffbff0d4), line 518 in "auditlog.c" 2. Repeat reading audit file without incrementing offset. | On Solaris 10 corrupted audit records induce: 1. core dump on # seaudit -a -fn /work/tmp_install/21472886/seos.audit.bak.13-Jul-2013-00:00:00 -sd 12-JUL-2013 -st 11:50 2. endless loop on # seaudit -tr -fn /work/tmp_install/21472886/seos.audit.bak.13-Jul-2013-00:00:00 -sd 12-JUL-2013 -st 17:02 | ||
78 | 2 | Unix endpoint kernel mode | Fixes a ControlMinder issue where the agent fails to load SEOS_syscall on X64 Linux system running with 2.4 kernel | AC126SP30036 | LINUX x64 | Install AC on X64 RHEL 3.8 (for example). Execute SEOS_load and it will fail. | |||
79 | 2 | Unix endpoint user mode | Fixes an issue with ControlMinder where install_base and postinstall script create incorrect links for SEOS_syscall on 64-bit Solaris 8 or 9 running in a branded zone. | AC126SP30037 | Solaris Sparc,Solaris x86 | OSMIC was used in creating SEOS_syscall link for Solaris 8 and 9. | This only occurs when installing AC on 64-bit Solaris 8 or 9 in a branded zone. | Add additional check for Solaris 8 or 9. | On a 64-bit Solaris system that supports zones. 1. Do native installation in the global zone. 2. Unload SEOS_syscall. 3. Set SEOS_use_ioctl to 1. 4. Reload SEOS_syscall. 5. Go to the branded zone. 6. Do either native installation or legacy installation using install_base. The installation will fail when trying to link SEOS_syscall to either SEOS_syscall.28Z.64 or SEOS_syscall.29Z.64. |
80 | 1 | Unix endpoint user mode | Fixes a ControlMinder issue where the KBLAuditMgr fails to rename kbl audit | AC126SP30021 | Unix all | ||||
81 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue where on endpoints that are running vsftpd, remote ftp login generates an audit record with console instead of the hostname/IP of the accessor host | AC126SP30022 | Unix all | See Invest. notes. | 1. Verify vsftpd is running ps -ef | grep vsftpd 2. Connect FTP to CM endpoint. 3. Check produced LOGIN audit record is 07 Jul 2013 19:56:49 P LOGIN root 59 2 console VFTP instead of the expected: 07 Jul 2013 20:09:43 P LOGIN root 59 2 130.yyy.xxx.77 VFTP 07 Jul 2013 20:10:29 P LOGIN root 59 2 ismelxxx.ca.com VFTP |
||
82 | 1 | Unix endpoint kernel mode | Fixes a ControlMinder issue where the system crashed when unloading the SEOS_syscall kernel module | AC126SP30011 | LINUX all | See Invest.notes. | Unclear how cleanup function is called more than once. | Add check in SEOS_procserver_fini() to see if it is already released. If it is then do nothing. | |
83 | 2 | Unix endpoint kernel mode | Fixes a ControlMinder issue where the agent crashed on an Oracle Enterprise Linux 6.3 running with Unbreakable Enterprise Kernel, 2.6.39-200.24.1 when calling the chdir system call | AC126SP30012 | LINUX all | See Invest. notes and Problem summary above. | This occurs on Linux kernel 2.6.39 or greater and the new root for the chroot command is a mounting point. | Identify the correct lock for vfsmount struct access. | On an OEL 6.3 with UEK system or any Linux kernel >= 2.6.39: 1. Start AC. 2. Find a mounting point. 3. Execute "chroot mounting_point". This will panic the system instantly. |
84 | 2 | Unix endpoint kernel mode | Fixes a ControlMinder issue where a 20-second gap is observed in exec handle when the customer runs a shell script | AC126SP30013 | LINUX all | syscall picks up a peer address that is neither PF_INET6 nor PF_INET. | |||
85 | 3 | Win endpoint user mode | Fixes a ControlMinder issue where defining a SPECIALPGM for a program that contains Japanese characters in its path generated an error message | AC126SP30014 | Windows all |