Urgent Security Notification

Security Update S-2021-01

During internal security tests, two critical security vulnerabilities were found in the baramundi Management Suite (bMS).
Due to the security vulnerabilities, a logged-in user of the baramundi Management Center is able to gain elevated privileges in the bMS. A DoS attack is also possible.

These security vulnerabilities have been analyzed by baramundi, and the associated threat to the baramundi Management Suite as a whole is classified as critical. We urgently recommend closing the vulnerabilities with the provided security update.
 

Severity

  • Critical, CVSS rating (by baramundi): 9.0

Affected products

All versions of the baramundi Management Suite from 2017 R1 are affected.

Details

This FixIt resolves the following issues:

For version 2020 R1

  • Security: bMC user can gain elevated privileges
  • Fixes a display problem where a warning dialog indicating a license violation is shown incorrectly during bMC logon when the maximum number of licensed clients has been reached but not exceeded.

For version 2020 R2 U1

  • Security: bMC user can gain elevated privileges
  • The Tempdb system database of the SQL Server instance increases by a multiple when an inventory is performed via Manage Microsoft Update.

For version 2021 R1 

  • Security: bMC user can gain elevated privileges
  • The tempdb system database of the SQL Server instance increases by a multiple if an inventory is performed via Manage Microsoft Update.
  • Incorrect DIP servers may be used during OS installation after switching to the new CIDR mode.

Procedure to fix the vulnerability:

baramundi provides FixIt-2021-S1. This FixIt tool needs to be executed on the baramundi Master Server, on the baramundi Gateway, and on at least one bMC installation. For additional bMC, PXE and bRemote installations, an MSW update job can be used as usual.

  1. Download the latest MSW definitions and pending downloads.
  2. Stop all baramundi server services (bServer, bGateway) on the systems on which the FixIt will be executed.
  3. Exit all programs of the baramundi Management Suite (bMC, bRemote) on the systems on which the FixIt will be executed. (Note: To be safe, check this in the Task Manager of the operating system.)
  4. Unpack the archive FixIt-2021-S1.zip on the system.
  5. Start FixIt-2021-S1.exe with elevated privileges.
  6. The tool checks whether a supported bMS version (2021 R1, 2020 R2 U1 or 2020 R1) is installed and, if so, offers to exchange files in the bMS installation directory.
  7. Repeat steps 2 to 6 on the gateway (if installed).
  8. The necessary update of the bMC is also available as an MSW package and can be distributed via MSW update. (Alternatively, the FixIt tool can be used manually, as described in steps 2 to 6.)
  9. The necessary update of the bRemote Viewer (Standalone) is available as an MSW package and can be distributed via MSW update.
  10. The necessary update of the PXE-Relay is also available as an MSW package and can be distributed via MSW update. (Alternatively, the FixIt tool can be used manually, as described in steps 2 to 6.)
  11. Only necessary for version 2021 R1: A new WinPE image must be created (for DIP use after CIDR conversion).

If the update via the FixIt tool fails or not all files are replaced successfully, you can also copy the files manually from the folder matching your bMS version to the installation directory of the bMS.
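The following PowerShell script is an added example, not a baramundi tool: it automates steps 2 to 5 of the procedure on a single system and performs the SHA256 integrity check that the Notes section recommends before anything is executed. The expected hash is a placeholder to be replaced with the value baramundi publishes, and the bMC/bRemote process names are assumptions.

```powershell
# Added example (not baramundi's tool): pre-flight for FixIt-2021-S1 on one host.
# Covers steps 2-5 of the advisory plus the SHA256 check from the Notes section.
# ASSUMPTIONS: $ExpectedSha256 is a placeholder for the published hash; the
# bMC/bRemote process names are assumed and may differ on your system.
#Requires -RunAsAdministrator
param(
    [string]$Archive        = 'C:\Temp\FixIt-2021-S1.zip',
    [string]$ExpectedSha256 = '<SHA256 from the baramundi download page>',
    [string]$Destination    = 'C:\Temp\FixIt-2021-S1'
)
$ErrorActionPreference = 'Stop'

# Integrity check: refuse to continue until the published hash has been filled in
# and the downloaded archive matches it.
if ($ExpectedSha256 -like '<*>') {
    throw 'Replace $ExpectedSha256 with the SHA256 published for FixIt-2021-S1.'
}
$actual = (Get-FileHash -Path $Archive -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
    throw "SHA256 mismatch for ${Archive}: expected $ExpectedSha256, got $actual"
}

# Step 2: stop the baramundi server services present on this host
# (bGateway is absent on a host without the gateway role).
foreach ($svc in 'bServer', 'bGateway') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s -and $s.Status -ne 'Stopped') {
        Stop-Service -Name $svc -Force
        $s.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }
}

# Step 3: the "check the Task Manager" step. Process names are assumptions.
$running = Get-Process -Name 'bMC', 'bRemote*' -ErrorAction SilentlyContinue
if ($running) {
    throw "Close these bMS programs before running the FixIt: $($running.Name -join ', ')"
}

# Step 4: unpack the archive.
Expand-Archive -Path $Archive -DestinationPath $Destination -Force

# Step 5: start the FixIt tool elevated and wait for it to finish; the tool
# itself performs the bMS version check described in step 6.
$exe = Join-Path $Destination 'FixIt-2021-S1.exe'
Start-Process -FilePath $exe -Verb RunAs -Wait
```

Run it once per system from an elevated session; on the gateway it repeats the same steps as required by step 7.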

Important note (09/06/2021)

There is no need to update the baramundi Master Server manually through the setup (from MSW source files). If the setup is run manually from MSW on the baramundi Master Server, technically related errors will occur, such as the environment then requesting a new agent setup version. Using this version on the baramundi Master Server is an unapproved state of a baramundi Management Suite environment.
> Only run the FixIt on the baramundi Master Server and do not perform a server installation.

Compatibility

For version 2020 R1

  • The hotfix 20.1.214_bmc_hotfix.zip is already included in this FixIt tool and must no longer be used.
  • The other hotfixes of 20 R1 including the security fixes S-2020-01 and S-2020-02 are not included and must still be applied separately.

For version 2020 R2 U1 and 2021 R1

  • FixIt-2021-S1 is cumulative with FixIt-2021-01; FixIt-2021-01 must no longer be used.

Notes

The version numbers and hashes (SHA256) of the files are listed here to verify the integrity of these files.

Version numbers and hashes (SHA256) are listed for: FixIt Tool, bMS 2020 R1, bMS 2020 R2 U1, bMS 2021 R1.