In Access Gateway Appliance 4.2.2 and earlier, many packages that Access Gateway Appliance does not use were installed. Access Manager Update Channel does not provide new version updates for these packages. Hence, these package might be old and may contain potential vulnerability. The following is the list of unused packages:
Samba
libMagicCore1
netcat
telnet
rsh
gdb
gdbm
finger
gcc
rpcbind
rsync
tcpdump
In a fresh Access Manager 4.3 and later install, these packages have been removed. However, if you are upgrading your Access Manager setup to 4.3, it is recommended to remove these packages manually.
NOTE:The following sections includes the version of packages used during testing. You may have packages of different versions on your system.
Query for the samba packages installed on the server by using the following command:
rpm -qa | grep -i samba
This lists all versions of all samba packages installed on the server.
Remove the packages by using the following commands:
rpm -e samba-3.6.3
rpm -e samba-winbind-3.6.3
rpm -e samba-client-3.6.3
rpm -e samba-winbind-32bit-3.6.3
rpm -e samba-client-32bit-3.6.3
rpm -e yast2-samba-server-2.18.0
rpm -e yast2-samba-client-2.17.30
It is recommended to remove the packages in the same sequence (top to down) to avoid dependency issues.
Query for the libMagickCore1 packages installed on the server by using the following command:
rpm -qa | grep -i libMagickCore1
Run the following commands:
rpm -e yast2-fingerprint-reader-2.17.7-0.1.201
rpm -e libfprint0-0.0.6-18.22.136
rpm -e libMagickCore1-6.4.3.6-7.30.1
It is recommended to remove the packages in the same sequence (top to down) to avoid dependency issues.
Query for the netcat packages installed on the server by using the following command:
rpm -qa | grep -i netcat
Run the following command:
rpm -e netcat-1.10
Query for the telnet packages installed on the server by using the following command:
rpm -qa | grep -i telnet
Run the following commands:
rpm –e telnet-1.2
Query for the rsh packages installed on the server by using the following command:
rpm -qa | grep -i rsh
Run the following command:
rpm –e rsh-0.17
Query for the gdb packages installed on the server by using the following command:
rpm -qa | grep -i gdb
Run the following command:
rpm –e gdb-7.7
Query for the gdbm packages installed on the server by using the following command:
rpm -qa | grep -i gdbm
Run the following command:
rpm -e gdbm-1.8.3-374.25 --nodeps
NOTE:The gdbm packages has dependency on several other packages in the system. Before removing this package, ensure that it is not required.
Query for the finger packages installed on the server by using the following command:
rpm -qa | grep -i finger
Run the following command:
rpm -e finger-1.3-104.22
Query for the finger packages installed on the server by using the following command:
rpm -qa | grep -i gcc
Run the following commands:
rpm -e gcc-32bit-4.3-62.200.2
rpm -e gcc43-32bit-4.3.4_20091019-0.37.30
rpm -e gcc-4.3-62.200.2
rpm -e gcc43-4.3.4_20091019-0.37.30
It is recommended to remove the packages in the same sequence (top to down) to avoid dependency issues.
Query for the finger packages installed on the server by using the following command:
rpm -qa | grep -i rpcbind
Run the following commands:
rpm -e ypbind-1.22-1.17.x86_64
rpm -e nfs-client-1.2.3-18.38.43.1.x86_64
rpm -e rpcbind-0.1.6+git20080930-6.20.1
It is recommended to remove the packages in the same sequence (top to down) to avoid dependency issues.
NOTE:The rpcbind packages has dependency on several other packages in the system. Before removing this package, ensure that it is not required.
Query for the rsync packages installed on the server by using the following command:
rpm -qa | grep -i rsync
Run the following command:
rpm -e rsync-3.0.4-2.47.28
Query for the tcpdump packages installed on the server by using the following command:
rpm -qa | grep -i tcpdump
Run the following command:
rpm -e tcpdump-3.9.8-1.27.1