Guardium v90 p4030 Sniffer Update r74670


Problem Overview
================

Product: InfoSphere Guardium
Release: 9.0
Fix ID#: SqlGuard_9.0p4030_SnifferUpdate
Revision: 74670
Fix Completion Date: 2015-04-14
Description: Resolve v9.0 Sniffer issues
MD5SUM: 0d518bdc06defb43f9e9c9b35c4bb44d
Sniffer Update: 4015, 4016, 4017, 4018, 4019, 4020, 4021, 4022, 4023, 4024, 4025, 4026, 4027, 4028, 4029, 4030

Notes:

Installation of this patch 4030 will automatically restart the sniffer process.

The universal sniffer patch can be installed on top of any GPU starting with v9.0 patch 50 or higher.

When this patch is installed on a collector appliance, make sure that the patch is also installed on the corresponding aggregator appliance. Do this to avoid aggregator merge issues.

9.0p4030 will fail to install on a v9.0 Guardium system that does not have GPU p50 or a higher-numbered GPU (patch or .ISO) installed, and will display the following error message:

ERROR: Patch Installation Failed - Incompatible GPU level. GPU p50 or higher required.

The bugs that were fixed in these patches:

Fix # Sniffer Problem Description

4015  43300/43840
      - Escape all special characters from the regex.h library used for matching tuples.
      - Fix parser error, bind variable types amended.

4016  44342/44345/44370/44382
      - From clause on delete statement is optional.
      - Fix flag for Oracle xml strings.
      - Fix parser error when using resource minimum 30 in CREATE GROUP.
      - Fix parser error, common table expression in query results.

4017  43543/44569/44589
      - Fix instance where bind variable is not handled correctly in Sybase IQ traffic.
      - Records affected from Full SQL entity return extremely high numbers - implemented guessing mechanism for flags.

4018  44217/44412/44469/44520/44612
      - For specific SQL on MS SQL, password not masked - fix fixup routine in ParserRequestHandler.
      - Remove column - GDM_CONSTRUCT_INSTANCE.SECONDS.
      - Fix condition for client/server IP boundary conditions.
      - Fix parser error, common table expression.
      - Fix parser error, Greenplum DB create table with append optimized.

4019  43386/44217/44824
      - Changed single quoted string in SET CLIENT statements to literal instead of object. It will no longer contribute to the construct ID hash.
      - For specific SQL on MS SQL, password not masked - fix fixup routine in ParserRequestHandler.
      - Fix instance of Buffer Usage Monitor script sniffer memory incorrect on 64-bit machines.

4020  44119/44939
      - Fix custom ID procedure.

4021  44986
      - Add bound-check for template id to prevent sniffer stop due to index-out-of-range error.

4022  44933
      - Fix instance of unclear Sybase exceptions - TDS_SYB-13-48-49 and TDS_SYB-97-100-0.

4023  36320/44216
      - Fix logger problem specific to Hadoop.
      - Fix high logger queues and memory consumption.

4024  45385/44563
      - Fix instance of Oracle-sql-logger replaced by hive-sql-logger.
      - Add analyzer rule A_NO_LOGIN_ACTION. Currently it is specific to Oracle and forces the user name to be set to '?' when platform information is missing.

4025  44589
      - Records affected from Full SQL entity return extremely high numbers - implemented guessing mechanism for flags.

4026  44119/44430/45526/45607
      - Fix custom ID procedure.
      - Fix instance of packet_run returning TCP for MS SQL traffic even if the actual NET_PROTOCOL is Named PIPE.
      - Fix instance of Bind Variable not correctly handled in Sybase IQ, using setInt() in Java application.
      - Add HRPC protocol v8 to fix instance of no DB_USER for Hadoop traffic.

4027  42120/44046/45629/45669
      - Fix instance of guessing usernames from packets, if login packet was lost.
      - Fix Sybase parse error by truncating the "distribute" statement and allowing it to be parsed.
      - Fix instance in Sybase IQ where remote TCP DB_user not logged into GDM-tables.
      - Fix problem with Sybase declare statement.

4028  45727
      - Add new parameter, force_tls_and_log_access_only. Turning on this parameter will force use_tls=1 and failover_tls=0 regardless of their settings in the .ini file. In addition, utap_server on the snif side will flag the analyzer so it knows to only log access details.
      - Only user session info will be recorded, and S-TAPs use SSL encryption to connect to the appliance.
      - In reports, successful SQLs will display as 1 and failed SQLs will display as 0.

4029  44589/45704/45728
      - Records affected from Full SQL entity return extremely high numbers - implemented guessing mechanism for flags.
      - Fix instance of Informix prepared statements missing corresponding statements with actual values.
      - Fix instance of Informix not extracting DB User from Login Packet for Local App Connection.

4030  44702/45704/45727/45779/45780
      - xml db: Fine tune the division into objects and fields.
      - 45704 - see patch 4029
      - 45727 - see patch 4028
      - Fix instance of Sniffer conflict with SHA1() segfault.
      - Oracle parser -- recode to avoid infinite loop.


2015-April-14

IBM InfoSphere Guardium Licensed Materials - Property of IBM. © Copyright IBM Corp. 2015. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” (www.ibm.com/legal/copytrade.shtml)