How to: Batch installation of hotfixes and extension packages How to: Set shared memory on Master and Replicas How to: Get inactivity timeout enabled on the target user for suexec sessions How to: Restart a BoKS bridge without running Boot How to: Debug suexec inactivity timeout How to: Prevent users who only use Administrative GUI appearing in /etc/passwd How to: Restart BoKS remotely on a Server Agent from the Master How to: Clean up 'Users logged on' list How to: Update the BoKS Control Center Java Keystore file after changing Root CA How to: Import users from /etc/passwd from the command line How to: Request a BoKS Manager license How to: Force complete download of database to a Replica server How to: Debug BoKS Web Services Interface 6.7 and later and Admin Server How to: Configure an existing host in a BoKS Domain to use Host Pre-registration functionality How to: Create a new host certificate with Fully Qualified Domain Name (FQDN) How to: Update the BoKS Web Services Interface Java Keystore file after changing Root CA How to: Prevent users who only use BCC appearing in /etc/passwd How to: Debug SSH How to: Refresh setup parameters How to: Configure Certificate Authentication for Auto-registration How to: Change nodekey - Replica or Server Agent for Unix/Linux How to: Change Default Organization in BoKS Reporting Manager How to: Configure Session Timeout in BoKS Control Center How to: Debug the Web Services Interface and Admin Server How to: Debug clntd How to: Upgrade the Java Runtime (JRE) for BoKS Control Center How to: Enable SSL/TLS for BoKS Reporting Manager How to: Import a host certificate signed by an external CA How to: Upgrade the Java Runtime (JRE) for Web Service Interface (WSI) How to: Determine if and by which users UNIX groups are used How to: Configure Certificate Fingerprint Authentication for Auto-registration How to: Upgrade JRE for BRM installation How to: Synchronize passwords from Active Directory to BoKS with Active Directory Bridge How to: Reading audit log on BoKS 7.0 Master from previous versions. How to: Update local /etc/passwd file on Server Agent How to: Change the default hash algorithm for x.509 certificate signatures How to: Migrate Unix Groups to new format in BoKS 7.0 and later How to: Relay audit logs to an external syslog server in BoKS Manager 7.0 How to: Set timezone for a host in BoKS Manager 7.0 How to: Set up SSH Certificate login for externally-generated certificates How to: Upload large files to support using SFTP How to: Script for collecting platform statistics How to: Upgrading BoKS Manager from version 6.x to 7.x How to: Measure Server Agent to Replica Response with the showmaster Command How to: Solaris 11.3 Live Update with BoKS Active (Client/Server Agent ONLY) How to: Debug BoKS Control Center and Admin Server How to: Integrate external applications into BoKS using PAM How to: Change the GID of a set of Unix groups How To: Getting started with Host Pre-registration How to: Define alarm events in BoKS Manager 7.0 How to: Verify that the Master can reach a Server Agent and vice versa How to: Use boksinfo to assist FoxT in troubleshooting BoKS issues How to: Create new Host Virtual Card for the Master using fccsetup How to: Create new Host Virtual Card for the Master using adminwiz How to: Run simultaneous debug and truss of BoKS CLI commands on Solaris How to: Speed up lsbks How to: Debug servc How to: Simultaneous debug and strace of BoKS CLI commands on Linux How to: Check certificates used by BCC and the Master admin server interface, boks_bccasd How to: Add comments to the ENV file How to: Configure BoKS communication through a firewall How to: Set up chroot for sftp How to: Turn off authentication service to Server Agents on Master How to: Count how many Server Agents a Replica is currently serving How to: Use suexec to redirect command output to controlled file How to: Display user creation and last modified timestamps
Hotfix: suexec dumps core or produces incorrect logs of arguments (HFBM-0054) Hotfix: lsbks performance issues in BoKS 6.7 (HFBM-0068) Hotfix: CVE-2013-2566, CVE-2014-3566 (HFBM-0055) Hotfix: LDAP sync causes unnecessary password updates (HFBM-0066) Hotfix: AD Bridge issues on Solaris and AIX (HFBM-0067) Hotfix: AD Controller is unreachable - users previously imported from the AD are deleted by adsync (HFBM-0048) Hotfix: CVE-2015-1788 in BoKS 7.0 (HFBM-0073) Hotfix: Ability to update a password file entry from within a Server Agent (HFBM-0074) Hotfix superseded: HFBM-0072 - CVE-2015-1788 (BoKS 6.7) Hotfix: nopswupdate, noclntd host flags not honored, memory fragmentation issues lead to failed authentications (HFBM-0045) Hotfix: Fixes to the new keystroke log transport framework introduced in BoKS 7.0 (HFBM-0071) Hotfix: Login with Single Sign-on via telnet fails two out of three times (HFBM-0059) Hotfix: Keystroke logged sessions could sometimes leave orphaned kslog processes on the system (HFBM-0060) Hotfix: Large uid/gid Values Stored as Negative on Linux (HFBM-0028) Hotfix: BCC Error When Expanding AD-mapped Host Group Basic Data (HFBM-0046) Hotfix: REPORT_BOKS_SSH_VERSION=on Shows OpenSSH Version (HFBM-0049) Hotfix: The SELinux policy module for suexec is missing some permissions causing it to fail in some circumstances (HFBM-0061) Hotfix: BoKS Control Center (BCC) reports "Failed to add ... unix group" (HFBM-0056) Hotfix: UID change in AD does not change username in BoKS (HFBM-0065) Hotfix: Issues with adjoin and adsync (HFBM-0064) Hotfix: Issues with retrieval of kslog files using getreports (HFBM-0062, HFBM-0139) Hotfix: Cannot run BoKS SSH Client for Windows 7.0 with BoKS Manager 6.7 infrastructure (HFBM-0063) Hotfix: CVE-2013-2566, CVE-2014-3566 fix for BoKS Password Manager (HFBM-0091) Hotfix: BoKS Reporting Manager database inconsistency problem (HFBRM-0005) Hotfix: Multiple ssh slave connections may fail and cause Master connection to fail (HFBM-0092) Hotfix: BoKS bridge batch processing may silently fail if an fque file is corrupt (HFBM-0089, HFBM-0090) Hotfix: CVE-2015-5352 x11_open_helper function in channels.c in ssh in OpenSSH before 6.9 (TFS151030-011875, HFBM-0087, HFBM-0088) Hotfix: Speedup of clntd send bridge (HFBM-0093) Hotfix: Updates to the BoKS 6.7 SELinux policy (HFBM-0098) Hotfix: Multiple corrections in boks_upgrade (HFBM-0103) Hotfix: boks_bccasd ABAC fixes (HFBM-0095) Hotfix: CVE-2015-3194 Certificate verify crash with missing PSS parameter (HFBM-0096) Hotfix: CVE-2015-3194 Certificate verify crash with missing PSS parameter + boks_bccasd ABAC fixes (HFBM-0094) Hotfix: Cannot specify User Class Name including '.' in BCC (HFBM-0077) Hotfix: Application Agent generic audit logging (HFBM-0081) Hotfix: Keystroke log and BIC report retrieval fails if destination directory on separate disk partition (HFBM-0062) Hotfix: Alternative chains certificate forgery [BoKS 6.7] (HFBM-0075) Hotfix: Alternative chains certificate forgery, BoKS 7.0 (HFBM-0076) Hotfix: Fix for adjoin if any server in the list _ldap._tcp. returns error [BoKS 6.7] (HFBM-0069) Hotfix: SUEXEC allows non-interactive password change of target account (HFBM-0079, HFBM-0078, TFS150903-011660) Hotfix: Multiple AD Bridge enhancements (HFBM-0070, HFBM-0085) Hotfix: Large number of Unix groups causes admin server to stop responding (HFBM-0082, HFBM-0083) Hotfix: Fix for adjoin if any server in the list _ldap._tcp. returns error [BoKS 7.0] (HFBM-0084) Hotfix: SSH login with Kerberos authentication, may be prompted for keyboard-interactive authentication (HFBM-0080, HFBM-0086) Hotfix: Log Replication Error 101 "out of sync" (HFBM-0031) Hotfix: kslog Memory Access Violation on AIX (HFBM-0035) Hotfix: GUI Admin Operations / BoKS Daemons Logged as User Who Started/Booted BoKS (HFBM-0052) Hotfix: Replica Performance on Redhat 6 With ext4 Filesystem (HFBM-0050) Hotfix: Reading/Writing Remote Files With cadm Slow (HFBM-0051) Hotfix: User gains root privileges from su, suexec and kslog (HFBM-0030) Hotfix: lsbks Fails to Display Primary User Class Access Routes (HFBM-0034) Hotfix: Failed Login Count Does Not Increase For Failed SecurID Authentication (HFBM-0014) Hotfix: SSH Public Keys for Wrong Users Updated / Removed (HFBM-0029) Hotfix: Malformed suexec Access Route Allows Execution of Any Command (HFBM-0027) Hotfix: Host Group Change Via ldapusersync Denied (HFBM-0026) Hotfix: Excessive messages for secondary group updates (HFBM-0262) Hotfix: Delay sending updates to auto-registered host (HFBM-0260) Hotfix: Misleading error messages from old Server Agents (HFBM-0261) Hotfix: Wrong Max Connection Limit For servc Receive Bridge (HFBM-0264, HFBM-0265) Hotfix: SSH Vulnerabilities (HFBM-0257, HFBM-0258, HFBM-0259) Hotfix: Database Update Operations Timeout (HFBM-0254, HFBM-0255) Hotfix: Segfault in boks_sshd on ssh_exec with long command line (HFBM-0245) Hotfix: su from root fails on HP-UX (HFBM-0053) Hotfix: Access rules with authentication modifiers that worked correctly in BoKS 7.0 and earlier fail in BoKS 7.1 (HFBM-0250) Hotfix: Audit log entries contain the wrong username if 'nested' suexec sessions are run (HFBM-0252 & 0253) Hotfix: boks_servc crashed for one specific user with a must use LDAP authenticator assigned (HFBM-0251) Hotfix: boks_master Slowed Down by Host Lookup Routine (HFBM-0020) Hotfix: setuid Programs Use Debug Options in Insecure Way (HFBM-0025) Hotfix: SuSE Linux Lets Non-member newgrp to Group With Empty Password (HFBM-0018) Hotfix: Non-BoKS User Attempting ftp With Empty Password Causes Client to Stop Responding (HFBM-0015) Hotfix: Replica Takes Long Time to Retry Connection to Master (HFBM-0016) Hotfix: xRBAC Rolesets Needed For Oracle Solaris 11 (HFBM-0023) Hotfix: Active Directory Users' expire-date Reset Every Time adsync is Run (HFBM-0040) Hotfix: Username Checking Too Restrictive For Some Environments (HFBM-0042) Hotfix: lsbks -l -DB May Not List Correct Reason For User Block (HFBM-0041) Hotfix: adjoin Constraint Violation Errors (HFBM-0037) Hotfix: SSL Vulnerabilities in OpenSSL 1.0.1-1.0.1e (HFBM-0043) Hotfix: SELinux Not Supported When BoKS Installed (HFBM-0038) Hotfix: Log File Size Limit of 2GB Too Small (HFBM-0036) Hotfix: ldapusersync Call to modbks to Set Encrypted Password Fails (HFBM-0021) Hotfix: On-demand Creation of Home Directories Fails (HFBM-0032) Hotfix: adsync fails with "Failed to determine DC for DN" (HFBM-0040) Hotfix: OpenSSL Vulnerabilities Listed in secadv_20140605.txt (HFBM67-0047, HFBM66-0047, TFS140609-014911) Hotfix: Core Dump Due to Memory Leak in servc (HFBM-0012) Hotfix: modbks -G Not Updating Database or Removing User From Password Files (HFBM-0013) Hotfix: ssh and boks_sshd not Presented With Clear Cache Option on Key Mismatch (HFBM-0033) Hotfix: Remote Sessions in BoKS Crashing on Red Hat Linux 5 (HFBM-0017) Hotfix: Restarting boks_master Process May Cause servm Send Bridge to Stop Responding (HFBM-0011) Hotfix: Multiple corrections in boks_upgrade (HFBM-0104) Hotfix: Timeout when listing Host Groups (HFBM-0193, HFBM-0237) Hotfix: BRIDGE_DOMAIN ENV variable range limitation (HFBM-0194, HFBM-0207) Hotfix: Improved load balancing (HFBM-0191, HFBM-0192) Hotfix: Local caching of authentication requests (HFBM-0188, HFBM-0189) Hotfix: Bad error handling causing repeating SSL errors in kslog remote logging and file transfer (HFBM-0190) Hotfix: Users in hostgroup not removed from host when host removed from hostgroup (HFBM-0196, HFBM-0197) Hotfix: Removal of access rules with wildcards in access methods (HFBM-0204) Hotfix: Heimdal before 7.4 allows remote attackers to impersonate services (HFBM-0202, HFBM-0203, HFBM-0205, HFBM-0206) Hotfix: User Inactivity Timeout on HP-UX 11 (HFBM-0201) Hotfix: boks_bridge failed to bind to any address when IPv6 disabled (HFBM-0200) Hotfix: Mapping of Distinguished Name to multiple users (HFBM-0199) Hotfix: Suexec without safepath does same checks as with safepath (HFBM-0180-2) Hotfix: scp transfers may fail with BOKS_SSH_FTL enabled (HFBM-0181) Hotfix: Support for BoKS SELinux policy via RPM (HFBM-0166) Hotfix: boks_drainmast update batch size and contents for BoKS 6.7 (HFBM-0169-1) Hotfix: Replica may sometimes fail to notify Master (HFBM-0178, HFBM-0179) Hotfix: boks_clntd enforces wrong permissions on authorized_keys (HFBM-0176, HFBM-0177) Hotfix: Rename hostgroup does not rename all needed elements in database (HFBM-0184) Hotfix: boks_bccasd runs out of memory when processing large log files (HFBM-0183) Hotfix: Optionally disable distribution of UNIX crypt passwords (HFBM-0170, HFBM-0187) Hotfix: Support for BoKS SELinux policy via RPM (HFBM-0167) Hotfix: Wrong permissions on file /opt/boksm/bin/ssh-agent on Redhat EL 6 systems (HFBM-0182) Hotfix: Support for authentication via RADIUS (HFBM-0234) Hotfix: BoKS 6.7 OpenSSL upgrade (HFBM-0235, HBM-0236) Hotfix: Limit number of simultaneous connections to servc and save remote nodekey in bridge and speedup clntd send bridge (HFBM-0238) Hotfix: Enhancements to kslog level 4 (HFBM-0230, HFBM-0231, HFBM-0232, HFBM-0241) Hotfix: clntd send bridge slow with many messages in queue (HFBM-0233) Hotfix: internal-sftp generates SELinux errors (HFBM-0247) Hotfix: Buffer overrun vulnerability in tcpcrypt (HFBM-0223) Hotfix: Support for LDAP password authentication in X display lock (HFBM-0239, HFBM-0240) Hotfix: RSA ACE lib upgrade to 8.5.1 (HFBM-0242, HFBM-0243) Hotfix: Reduce the database lock time in dumpbase (HFBM-0246) Hotfix: Shared SSH connections and BoKS FTL could cause connections to fail (HFBM-0198, HFBM-0244) Hotfix: boks_autoregister timeout too short (HFBM-0214) Hotfix: Secondary UNIX group membership not always updated (HFBM-0215, HFBM-0216) Hotfix: BoKS Web Services Interface user listing requests take a long time (HFBM-0209, HFBM-0210) Hotfix: Reduce boks_cached file descriptor usage (HFBM-0208) Hotfix: SSH fails intermittently (HFBM-0211, HFBM-0212, HFBM-0213) Hotfix: Avoid Shared Memory Allocation with Default 1MB in boks_master (HFBM-0221) Hotfix: Vulnerability in SSH user key provisioning (HFBM-0225, HFBM-0226, HFBM-0227) Hotfix: boks_blogad alarm cmd parameter problems (HFBM-0228, HFBM-0229) Hotfix: BoKS 7.1 compatibility issues with BoKS 6.5 and 6.6 Server Agents (HFBM-0224) Hotfix: Limit number of simultaneous connections to servc and save remote nodekey in bridge (HFBM-0220) Hotfix: SSH_EXEC with kslog enabled gets uid root (HFBM-0222) Hotfix: BoKS may occasionally kill unrelated processes (HFBM-0123, HFBM-0124) Hotfix: Configurable bridge listen backlog to avoid "Possible SYN flood" messages (HFBM-0125, HFBM-0126) Hotfix: Restbase sets raw log format when restoring pre-7.0 database and BCC fails to show raw logs (HFBM-0122) Hotfix: CVE-2016-2107 Padding oracle in AES-NI CBC MAC check (HFBM-0118, HFBM-0119) Hotfix: Support for Linux-compatible SHA512 password hash algorithm on AIX (HFBM-0120, HFBM-0121) Hotfix: BoKS syslog integration & UDP support (HFBM-0105) Hotfix: Slow replica performance (HFBM-0129, HFBM-0130) Hotfix: boks_drainmast to use read lock of database (HFBM-0137, HFBM-0138) Hotfix: Queued batched messages on a Replica could make it take a long time to register on the Master (HFBM-0131, HFBM-0132) Hotfix: Allow groupadm to do listings on replicas (HFBM-0133, HFBM-0134) Hotfix: Make UPN case insensitive in BoKS (HFBM-0135, HFBM-0136) Hotfix: boks_bru may fail to restore large databases (HFBM-0108, HFBM-0109) Hotfix: boks_sshd performance on x86/x86_64 architectures (HFBM-0110, HFBM-0111) Hotfix: BoKS v6.7. suexec may fail on Linux if touser has more processes running than allowed for fromuser (HFBM-0107) Hotfix: BoKS Reporting Manager 6.7 fixes for duplicate members in BoKS database and deadlock problem for parallell jobs (HFBRM-0006) Hotfix: BoKS Reporting Manager 7.0 fixes for duplicate members in BoKS database and deadlock problem for parallell jobs (HFBRM-0007) Hotfix: BoKS 7.0 on RHEL 7.2: SecurID stopped working with SELinux enabled (HFBM-0106) Hotfix: hostadm -n may dump core intermittently (HFBM-0117) Hotfix: Speedup of clntd send bridge (HFBM-0097) Hotfix: boks_udsqd simultaneous connection limit (HFBM-0115, HFBM-0116) Hotfix: BoKS SSH File Transfer Logging does not handle logging of file access and modification time correctly (HFBM-0101, HFBM-0102) Hotfix: CVE-2016-3115 - Security vulnerability in ssh X11 forwarding (TFS160407-012310, HFBM-0113, HFBM-0114) Hotfix: Suexec does not log LID when kslog is enabled (HFBM-0161) Hotfix: Password update performance suffers when many keystroke log files are fetched (HFBM-0162, HFBM-0163) Hotfix: bokslogadm not rotating the log file (HFBM-0158) Hotfix: BCCAS / WSI communication stops functioning (HFBM-0155, HFBM-0156) Hotfix: Configure allowed Master IP addresses (HFBM-0159, HFBM-0160) Hotfix: Keystroke log entries are not shown in audit reports (HFBRM-0008) Hotfix: KSL default logging, local/remote (HFBM-0173) Hotfix: Master to Replica replication adversely impacted by update batch size and contents (HFBM-0168, HFBM-0169) Hotfix: BoKS 7.0 kslog errors (HFBM-0175) Hotfix: Suexec access routes with the suexec_touserenv modifier can allow arbitrary command execution. (HFBM-0164,  HFBM-0165, TFS161110-012881) Hotfix: Problems with bokslogview and audit log forwarding from Replicas (HFBM-0172) Hotfix: Make 'authadm list' get data from servc (HFBM-0142, HFBM-0143) Hotfix: kslog producing too much output log data (HFBM-0148, HFBM-0149) Hotfix: Incorrect handling of profile files for nfs-mounted homedirs exported with root squash (HFBM-0146, HFBM-0147) Hotfix: boks_master may be slow because it is reading all of TAB_LOGIN (HFBM-0127, HFBM-0128) Hotfix: ssh client to honor the ok-as-delegate flag in kerberos service tickets (HFBM-0140, HFBM-0141) Hotfix: Core dump in pam_boks.so.1 when logging in via XDM (HFBM-0144) Hotfix: Multiple vulnerabilities in OpenSSL (HFBM-0153, HFBM-0154) Hotfix: Failure to update passwd and shadow files on RedHat if some components of SELinux are missing (HFBM-0157) Hotfix: Three problems in groupadm corrected (HFBM-0152) Hotfix: Core dump in pam_boks.so.1 when logging in via XDM (HFBM-0145) Hotfix: adsync domain controller selection sub-optimal (HFBM-0150, HFBM-0151)
Reference: classadm man page Reference: bcastaddr man page Reference: Access Routes when Modifying a Host Group Name Reference: hgrpadm man page Reference: rmbks man page Reference: ttyadmin man page Reference: routeadm man page Reference: Pre-registration Classifications Background Reference: BoKS 6.7 Embedded Third-Party Libraries Reference: AD Permissions Needed for AD Bridge Reference: Ports used by BoKS Reference: Product End-Of-Life information: BoKS 6.5 and 6.6 Reference: Modifying a Host Group Name Reference: Access without Password versus Single Sign-on Reference: Allowed wild cards in Access Routes and program groups Reference: mkbks man page Reference: FoxT BoKS Manager Platform End of Life (EoL) Reference: Extra Windows Logon Required for Remote Desktop Connection Reference: API Changes Version 1.0.0 - 1.1.1 Reference: CLI Data Collection Mechanism Modified in BoKS 6.6 And Later Reference: BoKS Release Notes Reference: BoKS Manager pre-7.1 Installation Guides Reference: BoKS Manager 7.1 Installation Guide Reference: Dos and Don'ts Registering a Host Reference: Nodekeys Reference: HostIDs Reference: modbks man page Reference: hostadm man page Reference: BoKS CLI Changes, Version 6.5.4 - 6.7.0 Reference: Hotfix and Extension Package Installation Order Reference: Home Directory Host Configurations for Unix Hosts Reference: BoKS Monitoring Guide Reference: Protection of keystroke logs Reference: Limitations when using host certificates signed by external CA Reference: Changes to default Alarm Events Reference: BoKS support for OpenSSH sshd options Reference: Support for SHA-2 signed x.509 certificates in FoxT products Reference: BoKS Manager 7.1 Platform Support Reference: Not supported to use NIS master with shadow file on IBM AIX Reference: BoKS Control Center Installation Guides Reference: BoKS Manager 7.1 CLI Reference Guide Reference: BoKS Manager Unix Groups Migration Guide Reference: FoxT Attribute-Based Access Controls Guides Reference: Keystroke logging modifiers in different BoKS versions Reference: Wildcard support for target user in SU and SUEXEC Access Routes / Rules Reference: Algorithm configuration for the BoKS SSH server Reference: Running BoKS in Solaris Kernel Zones Reference: BCC 7.0 Embedded Third-Party Libraries Reference: Is BoKS supported on Oracle Linux? Reference: Did the kslog format change in 7.0? Reference: BoKS 7.0 Embedded Third-Party Libraries Reference: End of Life (EoL) for BoKS Manager 6.5, 6.6, 6.7 and 7.x Reference: Introduction to licensing in BoKS 7.0 Reference: suexec_touserenv issue with PATH variable Reference: BoKS Hotfix naming convention Reference: Ports used by BoKS version 7 and later Reference: SSH password authentication Reference: How to verify authenticity of FoxT Advisory E-mails Reference: Configuring a Replica for Failover Reference: List of LDAP attributes requested by AD Bridge Reference: BCC 7.0 - Maximum name length for Host Groups and User Classes Reference: How bremotever file distribution works
Troubleshooting: Set never expiring account and/or password in BoKS Troubleshooting: Forgotten password for the BoKS Admin Root CA Troubleshooting: Another application made additions to /etc/pam.d/, but these are lost during upgrade Troubleshooting: adjoin fails with "Could not use any credentials in keytab" error Troubleshooting: setup "cannot locate a server" Error Troubleshooting: Admin changes password on Master, but account password doesn't change Troubleshooting: Accidentally deleted a preinstalled report in Reporting Manager Troubleshooting: VMware machine unable to find BoKS Master or Replicas Troubleshooting: Usernames of users synchronized from LDAP changed to lowercase Troubleshooting: Library error /lib64/libldap-2.4.so.2: undefined symbol: ber_sockbuf_io_udp Troubleshooting: Missing entries in $BOKS_data/db.conf when restoring 6.5 database Troubleshooting: adsync error when requesting kerberos ticket "kinit -k hostname : kinit password incorrect" Troubleshooting: Password change is not reflected in /etc/passwd during a Rolling Upgrade scenario Troubleshooting: Access Route creation fails with "Error in FROM part" when $USER is used Troubleshooting: Remote BoKS process restart Troubleshooting: The "*" character in a program definition for SUEXEC does not descend into sub-directories Troubleshooting: Remotely debugging BoKS processes Troubleshooting: Route creation using double-quotes results in incorrect route Troubleshooting: Installation of BoKS Server Agent 6.7 on Red Hat 7.1 fails Troubleshooting: BRM error 30130 - Failed to send user input parameters for the report Troubleshooting: BoKS error log: Cannot encrypt message. No key found for IP Troubleshooting: Avoiding slow passwd updates, cadm or GUI operations caused by queued client messages Troubleshooting: Not all users are displayed in user class listing in BCC. Troubleshooting: User Immediately Logged Out Troubleshooting: Unable to login with SSH although Access Routes, authenticator settings etc. seem correct. Troubleshooting: BoKS Hotfix Installation Within a Solaris Zone Gives Warning Troubleshooting: BoKS not active - SSH password authentication failed Troubleshooting: "Hostbased permission denied" error with SSH hostbased authentication Troubleshooting: AD/Kerberos authentication fails with "server not found in kerberos database" Troubleshooting: OpenSSL Vulnerabilities Listed in secadv_20140605.txt Affecting BoKS Desktop Troubleshooting: Error ORA-30036: unable to extend segment Troubleshooting: boks_bru Database Import Seems to Halt or Takes 30 Minutes or More Troubleshooting: Unable to acquire initial Kerberos ticket on HP-UX Troubleshooting: OpenSSL Advisory secadv_20140806.txt Impact on BoKS Desktop OpenSSL "TLS heartbeat read overrun" Vulnerability (aka Heartbleed) Troubleshooting: java.security.cert.CertificateException: no name matching found Troubleshooting: Backspace key not working when logging in with ssh to BoKS Windows Server Agent Troubleshooting: SECONDARY_ADDRESS_LIST in bcastaddr Not Working Troubleshooting: BCC Presentation Server Does not Start on System Boot Troubleshooting: domainstatus Reports Live lfAC Disabled When it Should be Enabled Troubleshooting: BoKS Reporting Manager Data Import Stops Working Troubleshooting: boksdiag list Still Shows Replica After It's Been Converted to Client Troubleshooting: Master still has messages queue for deleted host Troubleshooting: Password hash still updating even though deactivated with bksdef Troubleshooting: Red Hat client can't find server, but master can communicate with client Troubleshooting: su Dumps Core Due to Issue With pam_boks.so.1 Troubleshooting: suexec to correctly handle CLI wildcards Troubleshooting: BoKS daemons die during Solaris LDOM live migration Troubleshooting: X Window System login in Red Hat EL 7.2 not working with BoKS enabled Troubleshooting: Unable to view the audit log in BCC Troubleshooting: Hotfixes and SELinux on Redhat (concerning hotfixes released before 02/23/2017) Troubleshooting: LDAP authentication fails with SELinux on RHEL 7 Troubleshooting: BoKS Manager 6.7.1; backoutpatch fails on Solaris 10 Troubleshooting: boks_sshd warning terminating, bad configuration options Troubleshooting: boks_sshd error: no more sessions Troubleshooting: BRM "Could not connect to report server." Troubleshooting: Problems fixed in upgrade_client Troubleshooting: Problem with revision A4 of the BoKS Manager 6.7 package for Red Hat 7 Troubleshooting: Activation of BoKS on Debian and Ubuntu causes sudo to fail Troubleshooting: Inactivity timeout when combining keystroke logging on both SSH and SUEXEC Troubleshooting: warning clntd call to get_user_data failed; udata->error = -1 Troubleshooting: SUEXEC with redirection to file fails with SELinux Troubleshooting: X11 Forwarding via SSH fails with "X11 forwarding request failed on channel x" Troubleshooting: /etc/security files on AIX LPAR's and VIO's have zero bytes after BoKS install Troubleshooting: 'Checksum mismatch' errors from ftsd on Replicas and ftcd on Server Agents Troubleshooting: BRM fails to load data when started using system service facilities Troubleshooting: Debugging a failing database connection in BRM Troubleshooting: Running BoKS on IBM VIOS Troubleshooting: Force update of specific user entry on a specific host Troubleshooting: Keystroke log file retrieval Troubleshooting: Access denied by AllowGroups or DenyGroups Troubleshooting: Master <-> Server Agent and Server Agent <-> Replica communication Troubleshooting: shm_warn in BoKS audit log Troubleshooting: Cannot use bdebug to debug adsync Troubleshooting: adjoin can't contact LDAP server Troubleshooting: "adjoin: No such object" Error Troubleshooting: boksdiag list does not show status of a replica Troubleshooting: BoKS SELinux troubleshooting tips Troubleshooting: Out of core memory Troubleshooting: suexec fails on selinux system Troubleshooting: ENV var PORT_RANGE causes fatal error Troubleshooting: Collecting data for troubleshooting BoKS Reporting Manager (BRM) Troubleshooting: adjoin fails with error "Kerberos set password failed" Troubleshooting: BoKS does not enforce Access Routes even though SSM_ACTIVE=true Unable to decrypt keystroke logs in BCC after upgrade from BoKS 6.5.x Troubleshooting: Password login does not work with third party SSH client Troubleshooting: Users get No Terminal Authorization (NTA) when new Replica is brought online Troubleshooting: Unable to login to the virtual console (ILO) with BoKS enabled (works when disabled) Troubleshooting: Not able to SSH to BoKS v6.7/7.0 host after reboot when SELinux is activated Troubleshooting: SUEXEC Fails with servc Error Code 109 Troubleshooting: BCC mis-handles password truncation Troubleshooting: Invalid character(s) in username Troubleshooting: Password Manager does not allow login for users with passwords longer than 8 characters Troubleshooting: Installing BoKS on Solaris 11
Advisory: CVE-2016-0800 Cross-protocol attack on TLS using SSLv2 (DROWN) Advisory: CVE-2016-0705 Double-free in DSA code Advisory: CVE-2016-0701 Key Recovery Attack on DH small subgroups Advisory: CVE_2015-3197 SSLv2 does not block disabled ciphers Advisory: CVE-2016-0704 Bleichenbacher oracle in SSLv2 Advisory: CVE-2016-2105 EVP_EncodeUpdate overflow Advisory: CVE-2016-0798 Memory leak in SRP database lookups Advisory: CVE-2016-0703 Divide-and-conquer session key recovery in SSLv2 Advisory: CVE-2015-1792 CMS verify infinite loop with unknown hash function Advisory: CVE-2015-1791 Race condition handling NewSessionTicket Advisory: CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time Advisory: CVE-2015-1790 PKCS7 crash with missing EnvelopedContent Advisory: CVE-2015-3195 X509_ATTRIBUTE memory leak Advisory: CVE-2015-3196 Race condition handling PSK identify hint Advisory: CVE-2014-8176 Invalid free in DTLS Advisory: CVE-2015-6565 sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices Advisory: CVE-2016-2106 EVP_EncryptUpdate overflow Advisory: CVE-2016-6308 Excessive allocation of memory in dtls1_preprocess_fragment() Advisory: CVE-2016-6309 Fix use after free for large message sizes Advisory: CVE-2016-2181 DTLS replay protection DoS Advisory: CVE-2016-6307 Excessive allocation of memory in tls_get_message_header() Advisory: CVE-2017-3732 BN_mod_exp may produce incorrect results on x86_64 Advisory: CVE-2017-3733 Encrypt-Then-Mac renegotiation crash Advisory: CVE-2016-7052 Missing CRL sanity check Advisory: CVE-2017-3730 Bad (EC)DHE parameters cause a client crash Advisory: CVE-2016-6305 SSL_peek() hang on empty record Advisory: CVE-2016-6303 OOB write in MDC2_Update() Advisory: CVE-2016-2109 ASN.1 BIO excessive memory allocation Advisory: CVE-2016-2176 EBCDIC overread Advisory: CVE-2016-2180 OOB read in TS_OBJ_print_bio() Advisory: CVE-2016-2179 DTLS buffered message DoS Advisory: CVE-2016-6302 Malformed SHA512 ticket DoS Advisory: CVE-2016-2182 OOB write in BN_bn2dec()