Traffic Manager 3

TGP SOFTWARE NEWS:

FULL MESSAGE

Warning

Unfortunately we have discovered that our software has been abused by a hacker. We urge all our users to apply the patch provided below to all your TM3s immediately.

What kind of damage can the hacker do to my TM3 and server?

The amount of damage depends on your system setup. It is possible for the hacker to execute system commands as the user which runs the web server (e.g. 'apache'). If your server doesnt have additional security measures like a firewall (to prevent rootkit-ing), chrooted environment and if software with security issues is installed as root, additional damage can be done.

Who needs protection?

Your TM3 is vulnerable to this attack if you have a version prior to TM3-061011. You can check which version you have in Setup menu (on the bottom).

How can I protect myself?

You need at least some basic SSH knowledge to apply the patch. In case you you don't understand the installation steps below, contact your server administrator and ask him to apply the patch for you.

Connect to your server with SSH protocol (using e.g. PuTTY)
Select a patch appropriate for you operating system and download it using a command like wget or fetch:
- Linux: patch3-linux (new version)
  - If you've used the old patch, and it didnt work for you (created a zero-sized file in cgi-bin), you need to run this command prior to installing the new patch:
  - ```
  mv -f /path/to/tt/bin/tttoplist /path/to/cgi-bin/tm3/tttoplist 
```
- FreeBSD 5.x: patch3-bsd52 (compiled on 5.2)
- FreeBSD 4.x: patch3-bsd411 (compiled on 4.11 - new)
```
bash$ wget http://www.tgpsoftware.com/patches/patch3-linux <press enter>
If successful, 'patch3-linux' was saved into the current directory
```

Prepare the patch for running:

bash$ chmod 755 patch3-linux <press enter>
bash$

Run the patch with the path to your /cgi-bin/tm3/tttoplist as the paramater:

bash$ ./patch3-linux /home/httpd/mysite.com/cgi-bin/tm3/tttoplist <press enter>
If the patch was applied successfully, the output should look like this:
source:/home/httpd/mysite.com/cgi-bin/tm3/tttoplist
destination:/home/httpd/mysite.com/tt/bin/tttoplist

Your TM3 has been successfully patched!
bash$

You have successfully patched your TM3. Repeat the last step for all the sites on the server. Please keep in mind that if you have other TM3s installed with different unix usernames, you need to log in with the respective username (using PuTTY).

What do I do if something goes wrong during the patching procedure?

If you patch your TM3 and discover a problem later on (for example internal server error on http://yoursite.com/cgi-bin/tm3/tttoplist), you can easily remove the patch by typing:

bash$ ./patch3-linux --uninstall /home/httpd/mysite.com/cgi-bin/tm3/tttoplist <press enter>
If the patch was removed successfully, the output should look like this:
TM3 patch has been successfully removed.

Such such a case occur, please notify us immediately and we will try to discover the problem and help you to apply the patch successfully.

Credits

We would like to thank Conrad and isprime.com for assistance and logs regarding this issue.