RSCD Agent security vulnerability R2

Issues

The following RSCD Agent security vulnerabilities have been addressed in this hotfix:

We recommend that you immediately apply the hotfix as described in this topic.

Resolution

Download the hotfix required for your platform from the Patches tab of the following EPD website page and apply the hotfix. You must provide your BMC Support credentials to access the EPD website. You might also be prompted to complete the Export Compliance form.

Applying the hotfix

Depending on your requirements, apply the hotfix as described in the following sections:

• Applying the hotfix to the standalone RSCD Agents
• Applying the hotfix to the RSCD Agents installed on Application Servers and Repeaters

Applying the hotfix to the standalone RSCD Agents

Upgrade the standalone existing RSCD Agents or install them.

• Upgrading an existing RSCD Agent that is installed on a target server
• Installing (fresh) an RSCD Agent on a target server

 Upgrading an existing RSCD Agent that is installed on a target server

1. Download and extract the RSCD_SecurityFixes_<version>_HF2_V1.zip file to a temporary directory.

   The extracted directory contains the TSSA<version>-RSCDAgents.zip file.

2. Extract the TSSA<version>-RSCDAgents.zip file.

   The extracted directory contains the RSCD Agent installers (RSCD<version>-<platform>).

3. Use one of the following methods to upgrade the RSCD Agent:
   • (Method 1) Create and run the Agent Installer Job. For more information, see Creating-an-agent-bundle and Creating-an-Agent-Installer-Job. 

   • (Method 2) Use one of the methods described in the following table:

     Method	Reference (Windows)	Reference (Linux/Unix)
     Interactive installation	Upgrading-the-RSCD-agent-on-Windows	Upgrading-the-RSCD-agent-on-Linux-and-UNIX
     Silent installation	Silently-upgrading-Windows-agents	Silently-upgrading-Linux-and-UNIX-agents Using-silent-mode-to-upgrade-components-on-Linux-or-UNIX Upgrading-NSH-and-the-RSCD-agent-using-the-Solaris-SVR4-package-installer Upgrading-the-Network-Shell-or-the-RSCD-agent-using-RPM

4. If any of the Configuration Objects (COs) are missing after upgrade, distribute the COs again. For more information, see Creating-or-modifying-Distribute-Configuration-Objects-Jobs.

Installing (fresh) an RSCD Agent on a target server

1. Download and extract the RSCD_SecurityFixes_<version>_HF2_V1.zip file to a temporary directory.

   The extracted directory contains TSSA<version>-RSCDAgents.zip.

2. Extract the TSSA<version>-RSCDAgents.zip file.

   The extracted directory contains the RSCD Agent installers (RSCD<version>-<platform>).

3. Use one of the following methods to install the RSCD Agent:
   • (Method 1) Create and run the Agent Installer Job. For more information, see Creating-an-agent-bundle and Creating-an-Agent-Installer-Job. 

   • (Method 2) Use one of the methods described in the following table:
     

     Method	Reference (Windows)	Reference (Linux/Unix)
     Interactive installation	Installing-the-RSCD-agent-Windows (Required only when installing the RSCD Agent on a domain controller) During installation, provide password (mandatory) for the BladeLogicRSCDDC user.	Installing-only-the-RSCD-agent-Linux-and-UNIX
     Silent installation	Using-silent-mode-to-install-an-RSCD-agent-Windows (Required only when installing the RSCD Agent on a domain controller) During installation, provide password (mandatory) for the BladeLogicRSCDDC user by using the following command: msiexec /I RSCD.msi <Existing options> BLADELOGICDCUSERPASSWORD=<password>	Using-silent-mode-to-install-the-RSCD-agent-Linux-and-UNIX

Applying the hotfix to the RSCD Agents installed on Application Servers and Repeaters

Depending on the platform, use the instructions described in one of the following tabs: