===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0573
            i-series IBM iSTAP can cause the Guardium Sniffer
                     v10.0p4042 to frequently restart
                             26 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Guardium Sniffer
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=ibm10872672

--------------------------BEGIN INCLUDED TEXT--------------------

i-series IBM iSTAP can cause the Guardium Sniffer v10.0p4042 to frequently
restart

Document information

More support for: IBM Security Guardium
Software version: All Versions
Operating system(s): IBM i
Reference #: 0872672
Modified date: 25 February 2019

Flashes (Alerts)

Content

The problem was noted on a v10.6 Collector with Sniffer patch p4042 installed.

The STAP noted was iSTAP (TAP_VERSION=Guardium_DB2 for i S-TAP_2_10.0.0_r79963_trunk_1).

The following can be seen in the syslog (messages) file, for example:

  <datetime> <hostname> GuardiumSniffer[4217]: Guardium Sniffer license verified.
  <datetime> <hostname> GuardiumSniffer[4217]: Starting UTAP_SERVER
  <datetime> <hostname> GuardiumSniffer[4217]: Starting WTAP_SERVER
  <datetime> <hostname> kernel: TapServerThread[4325]: segfault at 38 ip 000000000059df87 sp 00007f6e89a192a0 error 6 in snif[400000+51eb000]
  <datetime> <hostname> init: guard-snif main process (4217) killed by SEGV signal
  <datetime> <hostname> init: guard-snif main process ended, respawning
  <datetime> <hostname> snif: Guardium Sniffer Started
  <datetime> <hostname> GuardiumSniffer[4472]: Guardium Sniffer license verified.
  <datetime> <hostname> GuardiumSniffer[4472]: Starting WTAP_SERVER
  <datetime> <hostname> GuardiumSniffer[4472]: Starting UTAP_SERVER
  <datetime> <hostname> kernel: TapServerThread[4545]: segfault at 38 ip 000000000059df87 sp 00007f407250a2a0 error 6 in snif[400000+51eb000]
  <datetime> <hostname> init: guard-snif main process (4472) killed by SEGV signal
  <datetime> <hostname> init: guard-snif main process ended, respawning
  <datetime> <hostname> snif: Guardium Sniffer Started
  <datetime> <hostname> GuardiumSniffer[4694]: Guardium Sniffer license verified.
  <datetime> <hostname> GuardiumSniffer[4694]: Starting WTAP_SERVER
  <datetime> <hostname> GuardiumSniffer[4694]: Starting UTAP_SERVER
  <datetime> <hostname> kernel: TapServerThread[4766]: segfault at 38 ip 000000000059df87 sp 00007fe5b8afc2a0 error 6 in snif[400000+51eb000]
  <datetime> <hostname> init: guard-snif main process (4694) killed by SEGV signal
  <datetime> <hostname> init: guard-snif main process ended, respawning
  <datetime> <hostname> snif: Guardium Sniffer Started

Remediation

A coded fix has been identified which will be included in an ad-hoc patch later
than Sniffer version v10.0p4042.

Customers planning to upgrade to Sniffer patch p4042 should contact IBM for an
ad-hoc patch which will contain the p4042 fixes plus the fix for this i-series
problem.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
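
Added example (not part of the IBM or AusCERT text): a Python check that scans a messages file for the crash loop shown in the bulletin's syslog excerpt, i.e. repeated kernel segfaults at the same instruction pointer in the same thread and module, alongside init respawns of guard-snif. The ISO timestamps, the hostname collector01, the "demo" process, the thresholds and the function name find_crash_loops are assumptions; the message bodies follow the excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Kernel segfault record in the shape shown in the bulletin's syslog excerpt.
SEGV_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: (?P<thread>[^\[\s]+)\[\d+\]: segfault at "
    r"(?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error \d+ "
    r"in (?P<module>[^\[\s]+)\[")
RESPAWN_RE = re.compile(
    r"^\S+ (?P<host>\S+) init: guard-snif main process ended, respawning")

# Constructed sample: timestamps, hostname and the "demo" line are made up.
SAMPLE = """\
2019-02-25T10:00:05 collector01 kernel: TapServerThread[4325]: segfault at 38 ip 000000000059df87 sp 00007f6e89a192a0 error 6 in snif[400000+51eb000]
2019-02-25T10:00:06 collector01 init: guard-snif main process ended, respawning
2019-02-25T10:01:10 collector01 kernel: TapServerThread[4545]: segfault at 38 ip 000000000059df87 sp 00007f407250a2a0 error 6 in snif[400000+51eb000]
2019-02-25T10:01:11 collector01 init: guard-snif main process ended, respawning
2019-02-25T10:02:15 collector01 kernel: TapServerThread[4766]: segfault at 38 ip 000000000059df87 sp 00007fe5b8afc2a0 error 6 in snif[400000+51eb000]
2019-02-25T10:02:16 collector01 init: guard-snif main process ended, respawning
2019-02-25T10:03:00 collector01 kernel: demo[900]: segfault at 0 ip 00000000004005d0 sp 00007ffc12345678 error 4 in demo[400000+1000]
"""

def find_crash_loops(lines, min_crashes=3, window=timedelta(minutes=10)):
    """Return one finding per (host, module, thread, ip) that crashed at least
    min_crashes times within any sliding window of the given length."""
    crashes, respawns = defaultdict(list), defaultdict(int)
    for line in lines:
        m = SEGV_RE.match(line)
        if m:
            key = (m["host"], m["module"], m["thread"], m["ip"])
            crashes[key].append(datetime.fromisoformat(m["ts"]))
        elif (r := RESPAWN_RE.match(line)):
            respawns[r["host"]] += 1
    findings = []
    for (host, module, thread, ip), times in crashes.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans <= `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_crashes:
            findings.append({"host": host, "module": module, "thread": thread,
                             "ip": ip, "crashes_in_window": best,
                             "respawns": respawns[host]})
    return findings

if __name__ == "__main__":
    for finding in find_crash_loops(SAMPLE.splitlines()):
        print(finding)
```

Grouping on the instruction pointer rather than the PID is what ties the restarts together, since every respawn gets a new PID while the faulting address stays the same.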