Progress DataDirect drivers vulnerabilities on Policy Server r12.8.x

Article ID: 269948

Products

SITEMINDER

Issue/Introduction

The CVE-2023-34364 and CVE-2023-34363 vulnerabilities in Progress DataDirect drivers affect Policy Servers in all the Symantec SiteMinder releases.

If you are using Policy Server 12.8.04 or a later version, perform the following steps to fix the vulnerabilities (Broadcom no longer supports Policy Server versions prior to 12.8.04).

This KB covers:

1) Patch download location

2) Steps for customers configured with ODBC database stores

3) Steps for customers NOT configured with ODBC database stores

4) Verifying the driver version before and after applying the fix

 

Resolution

############## Patch download location  ############## 

Log in to support.broadcom.com with your ID and download the Progress Driver patch from the following link:

https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111828&os=MULTI-PLATFORM

 

############## Customers Configured with ODBC database stores ############## 

On Windows:
===========
Follow these steps on each Policy Server:
1. Open "SiteMinder Solution for Progress Data drivers vulnerabilities" from the SiteMinder Cumulative Release Index page.
2. Download and unzip the ODBC_Drivers_Vulnerability_Patch.zip file and retrieve the latest .dll and .LIC files listed below from the Windows folder:

- nsdb228.dll
- nsdb228r.dll
- nsicu28.dll  
- nsmysql28.dll
- nsmysql28r.dll
- nsora28.dll
- nsora28r.dll
- nspsql28.dll
- nspsql28r.dll
- nssqls28.dll
- nssqls28r.dll
- nstls28.dll
- nstrc28.dll
- DDNS.LIC

3. Steps to port the libs on each Policy Server: 

a) Stop Policy Server.
b) Take a backup of the existing files listed above in <siteminder-home>\bin, then replace them in the bin folder with the latest files retrieved in Step 2.
c) Take a backup of the nsssl28.dll file in <siteminder-home>\bin and delete it from the bin folder.
d) Start Policy Server.

 

On Linux:
===========

Follow these steps on each Policy Server:
1. Open "SiteMinder Solution for Progress Data drivers vulnerabilities" from the SiteMinder Cumulative Release Index page.
2. Download and unzip the ODBC_Drivers_Vulnerability_Patch.zip file and retrieve the latest .so files listed below from the Linux folder:

- libNSicu28.so
- libNSmbackw.so
- libNStls28.so
- libodbc.so
- libodbc.so.1
- libodbcinst.so
- libodbcinst.so.1
- NSdb228.so
- NSmysql28.so
- NSora28.so
- NSpsql28.so
- NSsqls28.so
- NStrc28.so
- odbccurs.so

3. Steps to port the libs on each Policy Server:

a) Stop Policy Server.
b) Take a backup of the existing files listed above in <siteminder-home>/odbc/lib, then replace them in the lib folder with the latest files retrieved in Step 2.
c) Take a backup of the libNSssl28.so, vscnctdlg.so, and NSora28r.so (if present) files in <siteminder-home>/odbc/lib and delete these files from the lib folder.
d) Start Policy Server.

 

############## Customers NOT configured with ODBC database stores. ############## 

NOTE --> If you are using the APS or SmWalker GD module, do NOT delete the libraries; otherwise APS and SmWalker will fail to initialize. Patch the driver as described above instead.

Customers not configured with ODBC database stores
==================================================

If you have not configured ODBC databases with SiteMinder, you can either upgrade to the latest patch by following the steps in the section above, or remove the installed DataDirect driver using the following steps.

On Windows:
==========
Perform the following steps on each Policy Server:

1. Stop Policy Server.

2. Take a backup of the following existing files from <siteminder-home>\bin:

- nsdb228.dll
- nsdb228r.dll
- nsicu28.dll
- nsmysql28.dll
- nsmysql28r.dll
- nsora28.dll
- nsora28r.dll
- nspsql28.dll
- nspsql28r.dll
- nssqls28.dll
- nssqls28r.dll
- nsssl28.dll
- nstrc28.dll
- DDNS.LIC

3. Delete these files from the <siteminder-home>\bin folder.

4. Start Policy Server.

On Linux:
=========
Perform the following steps on each Policy Server:

1. Stop Policy Server.
2. Take a backup of the lib folder in <siteminder-home>/odbc.
3. Delete the lib folder from <siteminder-home>/odbc.
4. Start Policy Server.

 

############## Verify the version of Driver before and After applying fix ############## 

How to Determine the Progress DataDirect Drivers Version in SiteMinder
=======================================================
This patch upgrades the existing DataDirect drivers to the following versions in SiteMinder:
- DB2 DD Driver Version - 08.02.0394
- MySQL DD Driver Version - 08.02.0381
- Oracle DD Driver Version - 08.02.2770
- PostgreSQL DD Driver Version - 08.02.2122
- SQL Server DD Driver Version - 08.02.1222

To verify the upgraded drivers versions in your environment, follow these steps:

On Windows:
===========
1. Open ODBC Data Sources (64-bit) and select the System DSN tab in ODBC Data Source Administrator (64-bit).
2. Click Add to create a new data source.
The list of drivers and their versions is displayed in the Create New Data Source dialog.

On Linux:
===========
1. Navigate to <siteminder-home>/odbc/lib.
2. Run the following command:

strings <datadirect-driver-filename.so> | grep <last-4-digits-of-version-as-listed-above>
Example: strings NSora28.so | grep 2770

If the version specified in the command is present in the file, the full version of the .so file is displayed.
Example result of the above command:
08.02.2770 (B1532, U1315)
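As an added example (not part of the Broadcom KB), the following POSIX shell script automates the Linux check above for all five drivers and also confirms that the libraries the KB says to delete are gone. It assumes the file-to-product mapping implied by the driver file names (NSdb228.so = DB2, NSmysql28.so = MySQL, NSora28.so = Oracle, NSpsql28.so = PostgreSQL, NSsqls28.so = SQL Server), reads SITEMINDER_HOME from the environment, and otherwise builds a constructed sample directory so it runs offline.

```shell
#!/bin/sh
# Added example, not part of the Broadcom KB: report whether the DataDirect
# drivers in <siteminder-home>/odbc/lib carry the post-patch versions and whether
# the libraries the KB says to delete are gone. `grep -a` replaces `strings`.

# Post-patch versions from the KB (file:version); file-to-product mapping assumed.
EXPECTED="NSdb228.so:08.02.0394 NSmysql28.so:08.02.0381 NSora28.so:08.02.2770 NSpsql28.so:08.02.2122 NSsqls28.so:08.02.1222"
# Files the KB says to back up and delete from odbc/lib on Linux.
REMOVED="libNSssl28.so vscnctdlg.so NSora28r.so"
# First dd.dd.dddd version string embedded in a driver file, or "none".
driver_version() {
  v=$(grep -a -o '[0-9][0-9]\.[0-9][0-9]\.[0-9]\{4\}' "$1" 2>/dev/null | head -n 1)
  echo "${v:-none}"
}

# check_lib LIBDIR: prints one status line per driver; returns the problem count.
check_lib() {
  lib=$1; bad=0
  for pair in $EXPECTED; do
    file=${pair%%:*}; want=${pair#*:}
    if [ ! -f "$lib/$file" ]; then
      echo "MISSING  $file (expected $want)"; bad=$((bad + 1)); continue
    fi
    got=$(driver_version "$lib/$file")
    if [ "$got" = "$want" ]; then echo "OK       $file $got"
    else echo "OUTDATED $file is $got, expected $want"; bad=$((bad + 1)); fi
  done
  for file in $REMOVED; do
    if [ -e "$lib/$file" ]; then echo "LEFTOVER $file should have been deleted"; bad=$((bad + 1)); fi
  done
  return $bad
}

# Constructed sample lib dir: three drivers at the patched version, the Oracle
# driver with the exact string shown in the KB, the SQL Server driver at a
# made-up pre-patch version, and one leftover library that should be gone.
make_sample_lib() {
  dir=$(mktemp -d)
  for pair in NSdb228.so:08.02.0394 NSmysql28.so:08.02.0381 NSpsql28.so:08.02.2122; do
    printf 'junk\n%s\nmore junk\n' "${pair#*:}" > "$dir/${pair%%:*}"
  done
  printf 'junk\n08.02.2770 (B1532, U1315)\n' > "$dir/NSora28.so"
  printf 'junk\n08.02.0001\n' > "$dir/NSsqls28.so"   # constructed old version
  : > "$dir/libNSssl28.so"
  echo "$dir"
}
# Set SITEMINDER_HOME to check a real install; otherwise the sample is checked.
target=${SITEMINDER_HOME:+$SITEMINDER_HOME/odbc/lib}
check_lib "${target:-$(make_sample_lib)}" || echo "$? problem(s) found"
```

A non-zero exit status from check_lib means at least one driver is missing or still at a pre-patch version, or a library the KB says to remove is still present.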