Services
& Support

Support Alerts 2009


December 10, 2009 – Alert – CSP Gateway Security Exploit

InterSystems has corrected a security defect that an attacker could exploit to gain complete control of a system through the CSP Gateway.

This vulnerability

  • exists only for the CSP Gateway components distributed with Caché and Ensemble versions 2009.1, 2009.1.1 and 2009.1.2, including Ad Hoc distributions based on these versions.
  • is only present on Windows XP and Windows 2000, including all their service packs.
  • is only present when using Apache Web Server versions 2 or 2.2.  No other Web Servers are at risk.

Additionally, CSP Gateway components are backwards compatible and some sites have chosen to run an older version of Caché or Ensemble with a newer version of the Gateway component.  Since the vulnerability exists in the CSP Gateway, this scenario effectively backports the vulnerability to an older version.  If doubts exist about the version of CSP Gateway in use, you can check it in the System Management Portal under System Administration -> Configuration-> Connectivity -> CSP Gateway Management.

The vulnerable CSP Gateway versions are:

  • 2009.1.0.*
  • 2009.1.1.*
  • 2009.1.2.*

A correction for this vulnerability for both Caché and Ensemble is available at:
ftp://ftp.intersystems.com/pub/cache/patches/CSP_Gateway_Security_Alert.zip
The .zip file contains four .dll files.  There are two files applicable to each at-risk Apache version:

Apache 2.0:
CSPa2.dll
CSPa2Sys.dll

Apache 2.2:
CSPa22.dll
CSPa22Sys.dll

Select the appropriate two files based on the Apache version the system uses.  Replace the existing files with the supplied files in the environment where the CSP Gateway is installed.

These files can normally be found:

  • under the Caché or Ensemble directory in: <cachedir>\CSP\bin or <ensembledir>\CSP\bin
    OR
  • c:\Program Files\Apache Software Foundation\Apache<version>\CSPGateway

Once the new .dlls are in place the CSP Gateway version should display as:

2009.1.3.*

For reference: this correction is identified internally as CMT781. This correction will be included in the upcoming 2009.1.3 Maintenance Release and all subsequent releases.  If you have further questions regarding this, please contact the InterSystems Worldwide Response Center (WRC) – support@intersystems.com.


November 10, 2009 – UPDATE: Advisory, HP-UX Patch Incompatibility

This advisory supersedes the advisory:  “August 27, 2009 – Advisory, HP-UX Patch Incompatibility

The previous advisory stated that the patch incompatibility did not exist on Itanium platforms.  InterSystems has since received reports of the problem occurring on Itanium platforms and the advisory is being extended to include Itanium systems.

InterSystems has discovered an incompatibility with specific patches for HP-UX that can cause problems with installation, startup, and normal operation of Caché and Ensemble.

These problems exist on both the PA-RISC platform and the Itanium platform.

Only installations on HP-UX 11i v2 (11.23) and HP-UX 11i v3 (11.31) versions are at risk.

All currently released versions of Caché and Ensemble are at risk.

Symptoms of the problem are:

Memory faults (core dumps) generated during Caché or Ensemble startup. Messages regarding these core dumps are displayed during startup. This may also cause startup to fail completely after the core dumps are generated.

Memory faults present in “ccontrol all” output. For example:

Instance Name     Version ID        Port   Directory

-------------     ----------        -----  -----

CACHE             5.2.3.710.0       1973   /usr/cachesys

sh: 538 Memory fault(coredump)

The specific patch families for HP-UX 11i v2 are identified as:

  • PHSS_37907 (11.23 LIBCL patch) This includes all superseding patches up to PHSS_37958, which is the most recent at the time of this writing.
  • PHSS_38134 (11.23 linker + fdp cumulative patch) This includes all superseding patches up to PHSS_39821, which is the most recent at the time of this writing.

The specific patch family for HP-UX 11i v3 is identified as:

  • PHSS_39094 (11.31 linker + fdp cumulative patch) This includes all superseding patches up to PHSS_39822, which is the most recent at the time of this writing.
  • PHSS_37908 (11.31 LIBCL patch) including all superseding patches up to PHSS_37959 which is the most recent at this time

To avoid the problems described above the patches referenced should not be applied and should be removed if already applied.

On some systems hosting versions of Caché and Ensemble 2007.x or greater, it may be necessary to run one of the following commands to fix any existing instances of Caché or Ensemble on the system:

/usr/ccs/bin/fastbind <cache path/executable>
(example: /usr/ccs/bin/fastbind /usr/cachesys/bin/cache)

/usr/ccs/bin/fastbind –n <cache path/executable>
(example: /usr/ccs/bin/fastbind –n /usr/cachesys/bin/cache)

Running these commands is only necessary in the case that Caché or Ensemble continues to generate core dumps after the offending HP patches have been removed.

InterSystems and HP are working closely to deliver a permanent correction.  Further developments will be announced on this mailing list.

If you have further questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).


November 5, 2009 – ECP and Unicode Data Integrity

InterSystems has corrected an ECP problem that has existed in all Caché versions since 5.0.  The correction will be included in 2008.2.6, 2009.1.3, and 2010.1.

This problem can occur extremely rarely and only with applications that store UNICODE characters in an ECP configuration in which the application server and database server are of different endian (byte-order) architectures.  [Please refer to the Supported Platforms section of the Caché Documentation to determine which byte-order is associated with different hardware platforms.]  Even in such a configuration, the likelihood of encountering the problem is very rare.

To further illustrate the problem, here is an example of the criteria required in order to be exposed to this problem:

  • ECP is configured between an Intel-based application server and an IBM PowerPC (AIX) database server
  • A Caché Unicode version prior to 2008.2.6 or 2009.1.3 is installed on the application and database servers
  • On the application server, a SET of a very short UNICODE string is made to global reference on the database server
  • The endian conversion of the string may not be performed and the resulting set may be in the wrong byte order on the application server

Although this problem can rarely occur and only a very small number of customers meet the criteria described above, the impact of this problem have serious consequences to the application end user.  If you or your end user are exposed to this potential problem, we urge you to contact InterSystems Worldwide Response Center (WRC) and request a new release or an Ad hoc correction to the current production version.  The correction is identified as GK788.


October 14, 2009 – Advisory: Installation on 64-bit AIX

InterSystems customers have reported errors when installing Caché and Ensemble on 64-bit IBM AIX 5L V5.3.  We have determined that these problems are addressed by a correction available from IBM.

This risk exists for all versions of Caché and Ensemble.

This problem can be encountered during a new install or an upgrade of an existing Caché or Ensemble environment.  While there is no risk to data because of this problem, the environment is left in an unpredictable state and should not be used until Caché or Ensemble is re-installed.

The following is an example of the error messages during installation when this problem is encountered:

Starting installation…

libcachebasic.so failed Couldn’t find DLL [FFFFFFFF800401F8]
libcachepm.so failed Couldn’t find DLL [FFFFFFFF800401F8]
libcachescanner.so failed Couldn’t find DLL [FFFFFFFF800401F8]
libcachemvbasic.so failed Couldn’t find DLL [FFFFFFFF800401F8]
libcachepp.so failed Couldn’t find DLL [FFFFFFFF800401F8]

Couldn’t install all projects.

InterSystems testing has confirmed that this risk is addressed by updating AIX to at least:

AIX 5L V5.3 TL6 Service Pack 3
OR
AIX 5L V5.3 TL7

The relevant IBM APARs are IY99462 and IZ01456.

If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).


August 27, 2009 – Advisory, HP-UX Patch Incompatibility

InterSystems has discovered an incompatibility with specific patches for HP-UX that can cause problems with installation, startup, and normal operation of Caché and Ensemble.

These problems exist only on the PA-RISC platform; the Itanium platform is not at risk.

Only installations on HP-UX 11i v2 (11.23) and HP-UX 11i v3 (11.31) versions are at risk.

All currently released versions of Caché and Ensemble are at risk.

Symptoms of the problem are:

  • Memory faults (core dumps) generated during Caché or Ensemble startup. Messages regarding these core dumps are displayed during startup. This may also cause startup to fail completely after the core dumps are generated.
  • Memory faults present in “ccontrol all” output. For example:Instance Name     Version ID        Port   Directory
    -------------     ----------        -----  ---------
    CACHE             5.2.3.710.0       1973   /usr/cachesys
    sh: 538 Memory fault(coredump)

The specific patch families for HP-UX 11i v2 are identified as:

PHSS_37907 (11.23 LIBCL patch) This includes all superseding patches up to PHSS_37958, which is the most recent at the time of this writing.
PHSS_38134 (11.23 linker + fdp cumulative patch) This includes all superseding patches up to PHSS_39821, which is the most recent at the time of this writing.

The specific patch family for HP-UX 11i v3 is identified as:

PHSS_39094 (11.31 linker + fdp cumulative patch) This includes all superseding patches up to PHSS_39822, which is the most recent at the time of this writing. The bundled LIBCL patch (PHSS_37959 and superseding patches) has not been shown to be problematic.

To avoid the problems described above the patches referenced should not be applied and should be removed if already applied.

On some systems hosting versions of Caché and Ensemble 2007.x or greater, it may be necessary to run one of the following commands to fix any existing instances of Caché or Ensemble on the system:

/usr/ccs/bin/fastbind <cache path/executable>
(example: /usr/ccs/bin/fastbind /usr/cachesys/bin/cache)

/usr/ccs/bin/fastbind –n <cache path/executable>
(example: /usr/ccs/bin/fastbind –n /usr/cachesys/bin/cache)

Running these commands is only necessary in the case that Caché or Ensemble continues to generate core dumps after the offending HP patches have been removed.

InterSystems and HP are working closely to deliver a permanent correction.  Further developments will be announced on this mailing list.

If you have further questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).


August 17, 2009 – Database Truncation Alert

A vulnerability has been discovered such that when a database expansion is triggered during database truncation, there is a danger of database degradation. The truncation can be requested via the, “Return unused space for a database” option, of the ^DATABASE routine menu, or via the SYS.Database API. This feature is presently available on Windows and Unix platforms only; furthermore, it is not applicable to databases with 2KB block sizes, or databases with raw volumes.

This potential problem exists on Caché and Ensemble version 2009.1 only.

To address this issue, InterSystems recommends that database truncation should not be run on systems with active users. The correction will be available in Caché 2009.1.1 and Ensemble 2009.1.1.

If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).


July 30, 2009 – Microsoft ATL Security Alert

Microsoft recently released the following security bulletin concerning vulnerabilities in their Active Template Library (ATL).

http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx

The information in this bulletin has the potential to impact any version of Caché or Ensemble running on any Microsoft Windows platform.

InterSystems has reviewed all code in our products that uses the ATL and determined that we do not reference any of the functionality involved in the potential vulnerabilities. Caché and Ensemble are not at risk for these problems.

The ATL is redistributed with Caché and Ensemble.  InterSystems will ensure that all future product distributions will include the corrected ATL from Microsoft.  Existing distributions of Caché and Ensemble, containing the uncorrected ATL, may trigger an alert from Windows Update recommending installation of the corrected ATL version if it has not been previously installed.  In cases where a corrected ATL version has been installed, Caché and Ensemble installation will not overwrite the corrected version.


July 23, 2009 – Update – Sophos Anti-Virus Impact

Update: Sophos believes the issue that caused Caché and Ensemble outages today has been identified and corrected. Sophos will release an update overnight that includes the correction.

If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).


July 23, 2009 – Alert – Sophos Anti-Virus Impact

InterSystems has received numerous reports today from customers experiencing Caché and Ensemble outages after installing an update of Sophos Anti-Virus Threat Detection Data.

Our current information indicates that all versions of Caché and Ensemble running on Microsoft Windows platforms are at risk.

InterSystems is working with Sophos management to understand and address the cause of these problems.  We will provide further updates as we have more information.

If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).


June 9, 2009 – Ensemble Rules Corruption

InterSystems has corrected a defect that can cause corruption of Ensemble rules.

This defect exists for all platforms and operating systems.  It exists in all currently released versions of Ensemble beginning with 2007.1.2.  Versions prior to 2007.1.2 are not at risk.

Necessary conditions to trigger this defect are the following steps:

  1. An Ensemble instance is reinstalled or upgraded (to 2007.1.2 or higher).
  2. Rules are created or edited after the reinstall or upgrade.

The problem is not apparent at the time of creation/edit as the rule definition is unaffected.  The corruption occurs in the generated logic of a rule OTHER THAN the one being created/edited.

The defect is manifested in one of two ways:

  • The generated logic for a rule is deleted resulting in the rule having no effect and the following message appearing in the Event Log: “Routine for this rule is missing”
  • The generated logic for a rule does not match the rule definition resulting in unintended logic being applied.

The following procedure will correct any existing corruption and eliminate the possibility of further corruption until a subsequent upgrade or reinstall is performed.  This procedure must be run in every production namespace.

  1. Stop the Production
  2. Do ##class(Ens.Rule.Compiler).PurgeRuleCache()
  3. Do ##class(Ens.Rule.RuleDefinition).RecompileAll()
  4. Restart the Production

If you are unsure if you are affected by this corruption please contact InterSystems Worldwide Response Center. A routine to check for rule routine corruption is at:ftp://ftp.intersystems.com/pub/ensemble/zEnsRuleChecker.zip

The correction for this defect is identified as MC924 and applies to Ensemble versions 2007.x and 2008.x.  MC924 can be requested in an Ad Hoc distribution and will be included in the upcoming Maintenance releases of Ensemble 2008.1.6 and 2008.2.4.  The defect will also be corrected in the upcoming general release of Ensemble 2009.1.

If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).


April 27, 2009 – Shadowing Stall

InterSystems has corrected a defect that can cause shadowing to stall while reporting itself as still processing.

This defect exists only on Windows platforms (both Win32 and Win64).  The following product versions are at risk:
Caché 5.2.4
Caché 2007.1.4 and above
Caché 2008.x
Ensemble 2008.x
Any Ensemble kit based on an at risk Caché version

This defect is triggered when the source system for shadowing uses a journal prefix and the prefix contains an UPPERCASE character or characters.  Application of journal files on the destination of shadowing stalls at the point it should start using the journal file with the UPPERCASE prefix.  When this occurs shadowing continues to report itself as processing.

When this defect is triggered the cconsole log on the source system will record an error of the form:

04/20-14:18:29:930 (1620) 0 NEXTJRN: -98,’c:\dirpath\JFM20090420.005′ appears to be the next file of ‘c:\dirpath\jfm20090420.004’ but contains a pointer to a different previous file from ‘c:\dirpath\jfm20090420.004’ and thus couldn’t be the next file

The correction for this defect is identified as HYY1456 and is expected to be included in Caché and Ensemble 2009.1.  This defect can easily be avoided by using lowercase prefixes for journal file names.  The correction is also available from InterSystems as an Ad Hoc distribution.

If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).