Hotfix 6 addresses the following issues:
- Expired certificate for connector updates causing Automatic Connector Updates to fail. Hotfix 6 needs to be applied to restore Automatic Connector Updates functionality. Manual connector update steps can be found here.
- Updated the partition delete process to prevent it from running before the LEM Manager starts up.
- Null Pointer Exception error caused by the partition delete process.
To Install Hotfix 6 on the LEM Appliance:
1. Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.
a. At the cmc> prompt, enter: manager
b. At the cmc::manager# prompt, enter: hotfix
2. Follow the instructions on your screen, providing the network path to your Hotfix 4 files and the appropriate credentials with read access to this path.
a. Forexample: \\server\share\unzipped_hotfix_folder\hotfix
b. If you receive a message stating that no upgrades were found, ensure that you entered the correct path to the files. When completed, a cmc: prompt appears.
3. Reboot the appliance.
a. Exit the cmc::manager# prompt or at the cmc# prompt, enter: appliance
b. At the prompt, enter: reboot
The following fixes from Hotfixes 1-5 are also included in this Hotfix:
- Fixed a hard-coded credential vulnerability (CWE Classification 798). Removed hardcoded passwords and hash digests that were discovered within the LEM appliance. These credentials were only accessible via root access. SolarWinds is not aware of any instances of this vulnerability being actively exploited and would like to credit Josh Hardin and Matt Bergin at KoreLogic for reporting the vulnerability. To mitigate these issues, SolarWinds recommends upgrading to the latest version of LEM v6.3.1 & applying Hotfix 6. SolarWinds also recommends changing the CMC password to ensure default credentials are not in use. To report a potential vulnerability to SolarWinds, please email PSIRT@solarwinds.com
- Updates to improve logging and enhance supportability.
- Upgraded Tomcat to version 8.0.44
- Fixed an issue with free disk calculations
- Upgraded the SSH library to support AES encryption by default.
- Windows Server 2016 nodes are now labeled properly in the LEM console. Previously, the LEM console listed computers running Windows Server 2016 as
Windows NT (unknown).
- Scheduled nDepth search results limited to 50,000 events.
- Fixed Import Cert error when importing certificate after command failure.
- Fixed an issue that display the IP address instead of the FQDN/hostname in 'All Installed Agents'.
- Fixed an issue when anL4 Database appliance started with only 128MB of memory.
- Updates the Java platform to the latest version.
- Fixed an out-of-memory issue that occurs when sending alerts to the console. The fix improves performance when a large number of events are sent to the console.
- Fixed agent-manager communication issues - periodic disconnect and others.
- Fixed an issue with nDepth log retention (logging missing date in raw records).
- Fixed an issue that prevents logging into LEM if using User Principal Name with a custom alias or SAM Account Name with NetBIOS.
- Added the ability to use sub-alias LDAP environments.
- Removed field limitations in the normalized alert database.
- Fixed a log rotate issue that causes connectors to stop working if log lines are too long.
- Fixed a single sign-on issue that occurs if a Kerberos ticket is unusually long because a user belongs to many groups.
- Added the ability to configure custom LDAP groups for authentication.
- Set an agent memory limit for agents upgraded from older versions.
- The threat-feeds server certificate changed - LEM cannot download thread-feeds IPs.
- Unable to use a domain containing a dash in the LDAP configuration.
- Unable to recover a password when HTTP is disabled.
- Exceptions during a fast evaluation are not logged.
- This fix is applicable to LEM 6.3.1 only.