CA ARCserve Backup Ingres Vulnerability

Last Updated: July 06, 2007

For a complete explanation of the security vulnerability, go here:

http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp.

Affected ARCserve products:
CA ARCserve Backup (Linux only) v9
CA ARCserve Backup (Unix, Linux and Mainframe Linux) r11.1
CA ARCserve Backup (Linux only) r11.5
CA ARCserve Backup (Unix and Mainframe Linux) r11.5
BrightStor Enterprise Backup (Unix only) r10.5

Note: If you have CA ARCserve Backup for Windows or BrightStor Enterprise Backup for Windows there is no fix to apply since Ingres was not distributed with these products.

The steps to install the updates can be found here for Ingres 2.6.

The steps to install the updates can be found here for Ingres 3.0.

To download the fix for your version of CA ARCserve Backup, select it from the list below:

CA ARCserve Backup v9 for Linux:

Linux Intel 32bit [2.6/xxxx (int.lnx/00)]
Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] - Large File Support

BrightStor Enterprise Backup r10.5 for UNIX:

AIX 32bit [2.6/xxxx (rs4.us5/00)]
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] - RISC and IA64
HP Tru64 UNIX [2.6/xxxx (axp.osf/00)]
Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)]

CA ARCserve Backup r11.1 for UNIX, Linux and Mainframe Linux:

AIX 32bit [2.6/xxxx (rs4.us5/00)]
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] - RISC and IA64
HP Tru64 UNIX [2.6/xxxx (axp.osf/00)]
Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] - Large File Support
Linux S/390 [2.6/xxxx (ibm.lnx/00)]
Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)]

CA ARCserve Backup r11.5 for UNIX, Linux and Mainframe Linux:

AIX 32bit [2.6/xxxx (rs4.us5/00)]
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] - RISC and IA64
HP Tru64 UNIX [2.6/xxxx (axp.osf/00)]
Linux S/390 [2.6/xxxx (ibm.lnx/00)]
Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)]
Linux Intel 32bit [3.0.3 (int.lnx/103)] - x86, AMD64 and EM64T
Linux Itanium [3.0.3 (i64.lnx/211)] - IA64

Ingres II 2.6 Update Install Steps

Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup and it will put it back to the point prior to the update install taking place.

Unix/Linux:

1. Log in to the system as the INGRES super-user using the 'ingres' account.
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories
   3. Add $II_SYSTEM/ingres/lib to the shared library path
   4. Set TERM to 'vt100' and TERM_INGRES to 'vt100fx'


2. Copy the downloaded maintenance update file to the /tmp directory and uncompress.



3. Read in the update file with the following commands:
   
   umask 022
   
   tar xf [update_file]
   
   This creates a directory containing the distribution and other files.



4. Stop all applications that may be connected to or using any of the files in the Ingres instance.



5. Stop all Ingres processes with the 'ingstop' utility:
   
   ingstop



6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored.



7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command:
   
   tar xf /tmp/<patch_directory>/ingres.tar install



8. Run the following command:
   
   install/ingbuild



9. The initial install screen appears.



10. In the Distribution medium enter the full path to the 'ingres.tar' file (including the file) (See step 4).



11. Choose PackageInstall from the list of installation options and then choose 'Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall.



12. Choose Yes in the pop-up screen and press Enter key.
    
    The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up.



13. Select Yes and press Enter key to go to the Setup program.



14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the patch is referenced; this should show SP5.



15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files.



16. Start Ingres using the 'ingstart' utility:
    
    ingstart



17. Upgrade the databases in the installation to the new release level:
    
    upgradedb -all

Ingres r3 Maintenance Update Install Steps

Unix/Linux:

1. Log on to your system using the installation owner account and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories.


2. Change directory to the root directory of the Ingres installation or use a previously created directory.
   
   cd $II_SYSTEM/ingres
   
   or
   
   cd <patch_directory>



3. Copy the download maintenance update file in to the current directory and uncompress



4. Read in the update file with the following commands:
   
   umask 022
   
   tar xf [update_file]
   
   This will create the directory:
   
   $II_SYSTEM/ingres/patchXXXXX
   
   or
   
   <patch_directory>/patchXXXXX
   
   Note: 'XXXXX' in patchXXXXX refers to the update number



5. Stop all Ingres processes with the 'ingstop' utility:
   
   ingstop



6. Change directory to the patch directory:
   
   cd patchXXXXX



7. Within the patch directory run the following command:
   
   ./utility/iiinstaller
   
   Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced.
   
   Note: The patch can also be installed silently using the '-m' flag with iiinstaller:
   
   ./utility/iiinstaller -m



8. Once the patch install has been complete, re-link the iimerge binary with the following command:
   
   iilink



9. Ingres can then be restarted with the 'ingstart' utility:
   
   ingstart