Problem Overview

================
Product:

InfoSphere Guardium

Release:

9.0

Fix ID#:

SqlGuard_9.0p4030_SnifferUpdate

Revision:

74670

Fix Completion Date:

2015-04-14

Description:

Resolve v9.0 Sniffer issues

MD5SUM

0d518bdc06defb43f9e9c9b35c4bb44d

Sniffer Update: 4015, 4016, 4017, 4018, 4019, 4020, 4021, 4022, 4023, 4024, 4025,
4026, 4027, 4028, 4029, 4030
Notes:

Installation of this patch 4030 will automatically restart the sniffer process.

Universal sniffer patch can be installed on top of any GPU starting with v9.0 patch 50
or higher.

When this patch is installed on a collector appliance, make sure that the patch is also
installed on the corresponding aggregator appliance. Do this to avoid aggregator
merge issues.

9.0p4030 will fail to install on a v9.0 Guardium system that does not have GPU p50
or a higher numbered GPU (patch or .ISO) installed will display the following error
message:
ERROR: Patch Installation Failed - Incompatible GPU level. GPU p50 or higher
required.

The bugs that were fixed in these patches:

Fix #

Sniffer

Problem

Description

4015

43300/
43840

Escape all special characters from the regex.h library used for
matching tuples.
Fix parser error, bind variable types amended.

4016

44342/
44345/
44370/
44382

From clause on delete statement is optional.

Fix flag for Oracle xml strings.
Fix parser error when using resource minimum 30 in CREATE
GROUP.
1

Fix #

Sniffer

Problem

Description
Fix parser error, common table expression in query results.

4017

4018

43543/
44569/
44589

Fix instance where bind variable is not handled correctly in

Sybase IQ traffic.

44217/
44412/
44469.
44520/
44612

For specific SQL on MS SQL, password not masked -fix fixup

routine in ParserRequestHandler.

Records affected from Full SQL entity return extremely high

numbers- implemented guessing mechanism for flags.

Remove column GDM_CONSTRUCT_INSTANCE.SECONDS.

Fix condition for client/server ip boundary conditions.
Fix parser error, common table expression.
Fix parser error, Greenplum DB create table with append
optimized.

4019

43386/
44217/
44824

Changed single quoted string in SET CLIENT statements to

literal instead of object. It will no longer contribute to the
construct ID hash.
For specific SQL on MS SQL, password not masked -fix fixup
routine in ParserRequestHandler.
Fix instance of Buffer Usage Monitor script sniffer memory
incorrect on 64-bit machines.

4020

44119/
44939

Fix custom ID procedure.

4021

44986

Add bound-check for template id to prevent sniffer stop due to

index-out-of-range error.

4022

44933

Fix instance of unclear Sybase exceptions - TDS_SYB-13-4849 and TDS_SYB-97-100-0

4023

36320/
44216

Fix logger problem specific to Hadoop.

45385/
44563

Fix instance of Oracle-sql-logger replaced by hive-sql-logger.

44589

Records affected from Full SQL entity return extremely high

4024

4025

Fix high logger queues and memory consumption.

Add analyzer rule A_NO_LOGIN_ACTION. Currently it is
specific for Oracle and forces to set user name to '?' in case
platform information is missed.

Fix #

Sniffer

Problem

Description
numbers- implemented guessing mechanism for flags.

4026

44119/
44430/
45526/
45607

Fix custom ID procedure

Fix instance of packet_run returning TCP for MS SQL traffic
even if the actual NET_PROTOCOL is Named PIPE.
Fix instance of Bind Variable not correctly handled in Sybase
IQ, using setInt() in Java application.
Add HRPC protocol v8 to fix instance of no DB_USER for
Hadoop traffic.

4027

42120/
44046/
45629/
45669

Fix instance of guessing usernames from packets, if login

packet was lost.
Fix Sybase parse error by truncating "distribute" statement and
allowing to parse it.
Fix instance in Sybase IQ where remote TCP DB_user not
logged into GDM-tables.
Fix problem with Sybase declare statement.

4028

45727

Add new parameter, force_tls_and_log_access_only. Turning

on this parameter will force use_tls=1 and failover_tls=0
regardless of their settings in the .ini file. In addition,
utap_server on the snif side will flag the analyzer so it knows to
only log access details.
Only user session info will be recorded and S-TAPs are using
SSL encryption to connect to appliance.
In reports, successful SQLs will display as 1 and Failed SQLs
will display as 0.

4029

44589/
45704/
45728

Records affected from Full SQL entity return extremely high

numbers- implemented guessing mechanism for flags.
Fix instance of Informix prepared statements missing
corresponding statements with actual values.
Fix instance of Informix not extracting DB User from Login
Packet for Local App Connection.

4030

44702/
45704/
45727/
45779/
45780

xml db: Fine tune the division into objects and fields.
45704 - see patch 4029
45727 - see patch 4028
Fix instance of Sniffer conflict with SHA1() segfault.
Oracle parser -- recode to avoid infinite loop.
3

2015-April-14
IBM InfoSphere Guardium Licensed Materials - Property of IBM. Copyright IBM Corp. 2015. U.S. Government Users
Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information
(www.ibm.com/legal/copytrade.shtml)