Hotfix 4 addresses the following issues:
To Install Hotfix 4 on the LEM Appliance:
1. Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.
a. At the cmc> prompt, enter: manager
b. At the cmc::manager# prompt, enter: hotfix
2. Follow the instructions on your screen, providing the network path to your Hotfix 4 files and the appropriate credentials with Read access to this path.
3. Reboot the appliance.
a. Exit the cmc::manager# prompt to return to the cmc# prompt, then enter: appliance
b. At the prompt, enter: reboot
To install Hotfix 4 on the LEM Agents, use one of the following methods:
1. Use the auto-upgrade feature to automatically upgrade Agents if the feature is enabled.
2. If the auto-upgrade feature is disabled, or if there are communication issues between agents and the LEM Manager, follow the manual installation steps included in the "Install Hotfix 4 on Agents (manual steps)" section of the ReadMe included in the hotfix download.
Mitigation and Upgrades
To mitigate these issues, SolarWinds recommends upgrading to the latest version of LEM, v6.3.1, and applying Hotfix 4. SolarWinds also recommends changing the CMC password to ensure default credentials are not in use.
As of the date of this announcement, SolarWinds is not aware of any instance where a vulnerability remedied in Hotfix 4 has been actively exploited.
Common Vulnerabilities and Exposures (CVE) identifiers for the vulnerabilities remedied are not available at the time of this announcement, but will be added once assigned by a CVE Numbering Authority.
To report a potential vulnerability to SolarWinds, please email PSIRT@solarwinds.com
CMC command injection – allows an attacker to inject commands to escape the restricted shell.
Arbitrary command injection – allows an authenticated user to execute arbitrary commands from the CMC restricted shell – CVE-2017-7647
Access Control – allows an authenticated user to browse the LEM server’s filesystem and read the contents of arbitrary files – CVE-2017-7646
Postgres Database Service – allows access to the Postgres database service with hardcoded credentials via IPv6. IPv4 is not affected by this vulnerability.
Arbitrary File Read – allows an attacker to edit the SSH logon banner and read arbitrary files.
Privilege Escalation – allows an attacker to run certain commands as a privileged user – CVE-2017-5198 and CVE-2017-5199.
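The Postgres issue above is IPv6-only, so a host that looks clean on IPv4 can still expose the service. The following added check (not SolarWinds code) parses `ss -Htln` style listener output and reports any Postgres listener not bound to loopback; it assumes the service uses the default port 5432, and the sample output is constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample of `ss -Htln` output; not captured from a LEM appliance.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:5432 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::1]:5432 [::]:*
"""

# Assumption: the LEM Postgres service listens on the default Postgres port.
POSTGRES_PORT = 5432

@dataclass(frozen=True)
class Listener:
    family: str   # "ipv4" or "ipv6"
    address: str
    port: int

    @property
    def is_wildcard(self) -> bool:
        return self.address in ("0.0.0.0", "::")

    @property
    def is_loopback(self) -> bool:
        return self.address == "::1" or self.address.startswith("127.")

_V6 = re.compile(r"^\[(?P<addr>[^\]]*)\]:(?P<port>\d+)$")
_V4 = re.compile(r"^(?P<addr>[\d.]+|\*):(?P<port>\d+)$")

def parse_listeners(text: str):
    """Parse the local-address column (4th field) of `ss -Htln` into Listener records."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        local = fields[3]
        m = _V6.match(local)
        if m:
            out.append(Listener("ipv6", m.group("addr") or "::", int(m.group("port"))))
            continue
        m = _V4.match(local)
        if m:
            addr = "0.0.0.0" if m.group("addr") == "*" else m.group("addr")
            out.append(Listener("ipv4", addr, int(m.group("port"))))
    return out

def exposed_postgres_listeners(text: str, port: int = POSTGRES_PORT):
    """Return Postgres listeners reachable from off-host, i.e. not bound to loopback."""
    return [l for l in parse_listeners(text) if l.port == port and not l.is_loopback]
```

On the sample the IPv4 socket is loopback-only while the IPv6 socket is bound to the wildcard address, which is exactly the asymmetry the advisory describes.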
The following fixes from Hotfix 1, Hotfix 2, and Hotfix 3 are also included in this Hotfix: