Guardium v90 p4030 Sniffer Update r74670
Problem Overview
================
Product: InfoSphere Guardium
Release: 9.0
Fix ID#: SqlGuard_9.0p4030_SnifferUpdate
Revision: 74670
Fix Completion Date: 2015-04-14
Description: Resolve v9.0 Sniffer issues
MD5SUM: 0d518bdc06defb43f9e9c9b35c4bb44d
Sniffer Update: 4015, 4016, 4017, 4018, 4019, 4020, 4021, 4022, 4023, 4024, 4025,
4026, 4027, 4028, 4029, 4030
Notes:
Installation of this patch 4030 will automatically restart the sniffer process.
The universal sniffer patch can be installed on top of any GPU starting with v9.0 patch 50 or higher.
When this patch is installed on a collector appliance, make sure that the patch is also installed on the corresponding aggregator appliance. Do this to avoid aggregator merge issues.
9.0p4030 will fail to install on a v9.0 Guardium system that does not have GPU p50 or a higher numbered GPU (patch or .ISO) installed, and will display the following error message:
ERROR: Patch Installation Failed - Incompatible GPU level. GPU p50 or higher required.
The bugs that were fixed in these patches:
Fix #   Sniffer Problem                 Description

4015    43300/43840                     Escape all special characters from the regex.h library used for matching tuples.
                                        Fix parser error, bind variable types amended.

4016    44342/44345/44370/44382         From clause on delete statement is optional.
                                        Fix flag for Oracle xml strings.
                                        Fix parser error when using resource minimum 30 in CREATE GROUP.
                                        Fix parser error, common table expression in query results.

4017    43543/44569/44589               Fix instance where bind variable is not handled correctly in Sybase IQ traffic.
                                        Records affected from Full SQL entity return extremely high numbers - implemented guessing mechanism for flags.

4018    44217/44412/44469/44520/44612   For specific SQL on MS SQL, password not masked - fix fixup routine in ParserRequestHandler.
                                        Remove column - GDM_CONSTRUCT_INSTANCE.SECONDS.
                                        Fix condition for client/server ip boundary conditions.
                                        Fix parser error, common table expression.
                                        Fix parser error, Greenplum DB create table with append optimized.

4019    43386/44217/44824               Changed single quoted string in SET CLIENT statements to literal instead of object. It will no longer contribute to the construct ID hash.
                                        For specific SQL on MS SQL, password not masked - fix fixup routine in ParserRequestHandler.
                                        Fix instance of Buffer Usage Monitor script sniffer memory incorrect on 64-bit machines.

4020    44119/44939                     Fix custom ID procedure.

4021    44986                           Add bound-check for template id to prevent sniffer stop due to index-out-of-range error.

4022    44933                           Fix instance of unclear Sybase exceptions - TDS_SYB-13-48-49 and TDS_SYB-97-100-0

4023    36320/44216                     Fix logger problem specific to Hadoop.
                                        Fix high logger queues and memory consumption.

4024    45385/44563                     Fix instance of Oracle-sql-logger replaced by hive-sql-logger.
                                        Add analyzer rule A_NO_LOGIN_ACTION. Currently it is specific for Oracle and forces to set user name to '?' in case platform information is missed.

4025    44589                           Records affected from Full SQL entity return extremely high numbers - implemented guessing mechanism for flags.

4026    44119/44430/45526/45607         Fix custom ID procedure
                                        Fix instance of packet_run returning TCP for MS SQL traffic even if the actual NET_PROTOCOL is Named PIPE.
                                        Fix instance of Bind Variable not correctly handled in Sybase IQ, using setInt() in Java application.
                                        Add HRPC protocol v8 to fix instance of no DB_USER for Hadoop traffic.

4027    42120/44046/45629/45669         Fix instance of guessing usernames from packets, if login packet was lost.
                                        Fix Sybase parse error by truncating "distribute" statement and allowing to parse it.
                                        Fix instance in Sybase IQ where remote TCP DB_user not logged into GDM-tables.
                                        Fix problem with Sybase declare statement.

4028    45727                           Add new parameter, force_tls_and_log_access_only. Turning on this parameter will force use_tls=1 and failover_tls=0 regardless of their settings in the .ini file. In addition, utap_server on the snif side will flag the analyzer so it knows to only log access details.
                                        Only user session info will be recorded and S-TAPs are using SSL encryption to connect to appliance.
                                        In reports, successful SQLs will display as 1 and Failed SQLs will display as 0.

4029    44589/45704/45728               Records affected from Full SQL entity return extremely high numbers - implemented guessing mechanism for flags.
                                        Fix instance of Informix prepared statements missing corresponding statements with actual values.
                                        Fix instance of Informix not extracting DB User from Login Packet for Local App Connection.

4030    44702/45704/45727/45779/45780   xml db: Fine tune the division into objects and fields.
                                        45704 - see patch 4029
                                        45727 - see patch 4028
                                        Fix instance of Sniffer conflict with SHA1() segfault.
                                        Oracle parser -- recode to avoid infinite loop.
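
Fix 4015 concerns escaping regex.h special characters when matching tuples. The following C sketch is an added illustration, not Guardium code: it shows how a literal field value compiled as a POSIX extended regex without escaping can over-match, miss itself, or fail to compile, and how escaping corrects all three. The function names and sample field values are hypothetical.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
/* Backslash-escape every POSIX ERE metacharacter so src matches literally.
 * Returns 0 on success, -1 if dst is too small. */
int ere_escape(const char *src, char *dst, size_t dstlen)
{
    static const char meta[] = ".[\\()*+?{|^$";
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        if (strchr(meta, *src)) {
            if (o + 1 >= dstlen) return -1;
            dst[o++] = '\\';
        }
        if (o + 1 >= dstlen) return -1;
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return 0;
}

/* Hypothetical matcher: 1 if value equals the tuple field exactly, 0 if not,
 * -1 if the pattern cannot be built. escape=0 shows the unescaped behaviour. */
int tuple_field_matches(const char *field, const char *value, int escape)
{
    char lit[256], pat[260];
    regex_t re; int rc;
    if (escape) {
        if (ere_escape(field, lit, sizeof lit) != 0) return -1;
    } else {
        if (strlen(field) >= sizeof lit) return -1;
        strcpy(lit, field);
    }
    snprintf(pat, sizeof pat, "^%s$", lit);
    if (regcomp(&re, pat, REG_EXTENDED | REG_NOSUB) != 0) return -1;
    rc = regexec(&re, value, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any Guardium policy. */
    printf("raw  app+svc vs appsvc : %d\n", tuple_field_matches("app+svc", "appsvc", 0));
    printf("raw  app+svc vs app+svc: %d\n", tuple_field_matches("app+svc", "app+svc", 0));
    printf("esc  app+svc vs app+svc: %d\n", tuple_field_matches("app+svc", "app+svc", 1));
    printf("raw  svc(batch compiles: %d\n", tuple_field_matches("svc(batch", "svc(batch", 0));
    return 0;
}
```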
2015-April-14
IBM InfoSphere Guardium Licensed Materials - Property of IBM. © Copyright IBM Corp. 2015. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” (www.ibm.com/legal/copytrade.shtml)