SRM Profiler Module and Storage Manager 6.2.3 Hot Fix 1:

 

This Hot Fix addresses the following issue:

  • ZDI-CAN-3398 - SQL Injection Remote Code Execution Vulnerability (through RulesMetaData)

 

Requirements

  • SolarWinds SRM Profiler or Storage Manager 6.2.3

 

Installing the HotFix

1. Unpack the STM-v6.2.3-HotFix1 package to the Storage Manager Server installation directory.

   The default installation directory is:

   On Windows: \Program Files\SolarWinds\Storage Manager Server\

   On Linux: /opt/Storage_Manager_Server/

 

Note: If you are applying the patch to a Linux-based STM server and downloaded the patch on a Windows computer, make sure that you unzip the package on Linux.

 

2. Extract the package so that the file structure is as follows:

     <InstallationDirectory>\Patch\STM Patch.bat

 

3. On Windows: run the STM Patch.bat batch script in the Patch folder.

   On Linux: execute STM_Patch.sh.

 

Note: If you unzipped the package onto a Windows computer and copied it to Linux, and find you are unable to execute the script, do the following:

  a. Run sed -e 's/\r$//' STM_Patch.sh > Copy_of_STM_Patch.sh (this strips the Windows carriage return from the end of each line)

  b. Execute Copy_of_STM_Patch.sh
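
A pre-flight check for the line-ending problem described in the note above, as an added example that is not part of the SolarWinds package: it converts the script only when it actually contains Windows line endings, and marks the copy executable. The function name normalize_patch_script is hypothetical.

```shell
# Added example, not vendor tooling. normalize_patch_script is a hypothetical helper.
# Usage: normalize_patch_script STM_Patch.sh Copy_of_STM_Patch.sh
# Returns 0 if a converted copy was written, 1 if no conversion was needed,
# 2 on error.
normalize_patch_script() {
    src=$1
    dst=$2
    [ -f "$src" ] || { echo "missing: $src" >&2; return 2; }

    # A literal carriage return, built portably (works in POSIX sh and bash).
    cr=$(printf '\r')

    # Count the lines that end in a carriage return (Windows CRLF endings).
    # grep exits non-zero when the count is 0, so mask that status.
    crlf_lines=$(grep -c "${cr}\$" "$src" || true)

    if [ "$crlf_lines" -eq 0 ]; then
        echo "$src: no CRLF line endings, run it as is"
        return 1
    fi

    # Remove only a trailing carriage return; lines without one are untouched.
    sed "s/${cr}\$//" "$src" > "$dst" || return 2

    # A file created by redirection is not executable by default.
    chmod u+x "$dst" || return 2

    echo "$src: stripped CR from $crlf_lines line(s), wrote $dst"
    return 0
}
```
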

 

The script will stop all the STM services, apply the patches, and then start all the STM services. Do not stop this process.

 

4. From the Storage Manager Console, click Settings > Upgrade Agents, and do the following:

       a. Enter a name for the upgrade.

       b. Select all the modules.

       c. Select all the agents.

       d. Click Save. This will initiate a module push to all agents.

       

5. You can check the status of this module push using Settings > Upload Modules > Module Push Report.

 

6. To verify the list of patches that have been applied, go to Storage Manager Console > Settings > About.

 

Note: The above issue is credited to "rgod". See http://www.zerodayinitiative.com/advisories/upcoming/ for further information.