Teaming 2.1 Security Patch 1

This document (5078011) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86, x86-64

Security patch: Yes

Priority: Mandatory

Distribution Type: Public

http://download.novell.com/Download?buildid=gz4IRLKEfDo~

document

Revision: 2

Document ID: 5078011

Creation Date: 2010-07-16 12:39:01

Modified Date: 2010-07-22 10:17:34

abstract

This patch addresses a security vulnerability as well as a few other general bug fixes to Novell Teaming 2.1.

details

System Requirements:
Patch should only be applied to existing installations of Novell Teaming 2.1 on Windows or Linux.

Installation:
a. Stop the Teaming service
- Steps to stop Teaming on Linux documented here.
- Steps to stop Teaming on Windows documented here.

b. Make a backup of the following jar file in your Teaming install:
/apache-tomcat-6.0.18/shared/lib/ext/kablink-teaming-main.jar

c. Download the patch and extract the kablink-teaming-main.jar file to the above location:
/apache-tomcat-6.0.18/shared/lib/ext/

d. Make certain the file permissions and ownership is exactly the same as the one you backed up in Step b.

e. Start the Teaming service
- Steps to start Teaming on Linux documented here.
- Steps to start Teaming on Windows documented here.

f. Schedule a zone-wide re-index by visiting Site Administration > Manage the Search Index > select top-level workspace (Home Workspace). This can take a long time if your site has a lot of data. This is necessary to correct the indexing issues addressed as part of this patch.

Uninstalling:
a. Stop the Teaming service
- Steps to stop Teaming on Linux documented here.
- Steps to stop Teaming on Windows documented here.

b. Replace the /apache-tomcat-6.0.18/shared/lib/ext/kablink-teaming-main.jar which was applied as part of the patch with the one you backed-up in Step b of Installation instructions above.

c. Start the Teaming service
- Steps to start Teaming on Linux documented here.
- Steps to start Teaming on Windows documented here.

Technical Support Information:
If you need help or have questions about this Security Patch, please contact Novell Technical Support.

security fixes

A security vulnerability was found in Novell Teaming 2.1 which allows remote attackers to execute arbitrary code on vulnerable installations of Novell Teaming. Authentication is not required to exploit this vulnerability.

CVE Number:
CVE-2010-2773

Researcher Name:
This security vulnerability was reported as ZDI-CAN-777 by TippingPoint Corporation and was discovered by: Stephen Fewer of Harmony Security (http://www.harmonysecurity.com)

change log

This patch also addresses the following general product defects:

1. Indexing in the background fails to correctly index entries
2. Exporting entries is restricted to 100 entries
3. Folder import fails with java exception
4. Chinese characters in description are not found in search

file contents

Compressed File Name: novpatch69391.tar.gz

Files Included	Size	Date
readme_5078011.html	N/A	2010-07-22 10:17:35

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.