v1.5.17rcX Bug Reports and Comments

Stephen
Employee

Sun Aug 04, 2024 12:38 am

FIXED/CHANGED
- reduced attack surface on webserver - rc1
- upgrade failure on very old WS models. - rc1
- openssl upgraded - rc2
- lighttpd upgraded - rc2
- several packages patched for openssl upgrade - rc2
- frontend files now served with gzip'd encoding - rc2

ENHANCEMENTS

KNOWN ISSUES
- WEB UI issues when not at 100% Zoom on browser especially on VLAN TAB
- Some language templates need help

Released 8/9/2024

Further Information

This release (rc1) attempts to alleviate effects from an exploited security hole that has been taken advantage of on our switches. Details here: viewtopic.php?f=17&t=8066

Please bear with us as this may not entirely patch the hole; we are still working on continued enhancements that will prevent future abuse. However, the majority of reported effects from this issue, namely the FBI page along with the increased CPU and memory usage on the switch causing packet loss, should be prevented with this release.

If you're suffering from this attack, please stay tuned here as more updates are planned as we continue to tighten our grip on the situation.

Also, feedback about your experiences with this version will help us continue the effort.

RC2 Upgrade

RC2 has an upgraded variant of openssl and lighttpd that should dramatically reduce the vulnerability of the switch. As it turns out, this version of openssl is much larger than the original and required many patches on different packages to make it all work. As a result, the frontend files are now all served compressed, so you may need to clear the cache in your browser for the webui after upgrading. We also suggest that you bench test this version before upgrading switches in the field just to be safe.
However, despite our efforts to make the switch as secure as possible, we suggest avoiding exposing the webui to the web at large, either with Access Controls or by isolating your management vlan, if at all possible.

lligetfa
Associate

Sun Aug 04, 2024 7:01 am

Installed on my very old Board rev B after getting jiggy with the commandline since obviously the "upgrade failure on very old WS models" fix only applies after it is installed. I had to get jiggy with it each time to go from .12 to .14 and .16 as well.
I assume going forward, rc2 will install without needing to get jiggy with it.

EDIT:
One thing I noticed is this also fixed where the SFP cage now shows correctly for port 24. I have a cable in the RJ45 port 24 and on .16 the SFP cage showed as green whereas now it shows empty with an X.

Stephen
Employee

Sun Aug 04, 2024 12:28 pm

Yeah, going forward you shouldn't have to do any tricks to upgrade that model again.

sirhc
Employee

Sun Aug 04, 2024 1:13 pm

For RC1, also note the index.html file can return but it is inert. As Stephen said, this alleviates the symptoms and prevents THIS hack from running but not from being put there, but if the file is put there it will be ignored.

This release also will not prevent AVAST antivirus from refusing to load the login screen as we still have not upgraded lighttpd far enough. AVAST is not detecting an infected site; it simply refuses to talk to the current version of lighttpd as it has the vulnerability in it. You still have to either disable AVAST Web Scan under core or add the IP of the switch to the exception list.

We hope to have a better release soon that closes the vulnerability.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

lligetfa
Associate

Fri Aug 09, 2024 1:24 pm

Stephen wrote: RC2 Upgrade

RC2 has an upgraded variant of openssl and lighttpd that should dramatically reduce the vulnerability of the switch. As it turns out, this version of openssl is much larger than the original and required many patches on different packages to make it all work. As a result, the frontend files are now stored and compressed, so you may need to clear the cache in your browser for the webui after upgrading.

The page did not automatically reload after restarting so I opened it on a new tab and all was well. Also, Chrome no longer used the saved credentials and those needed to be manually re-entered.

EDIT: Also, the NTP time was correct on the status page but the last log entry was still showing Dec 31.

Stephen
Employee

Fri Aug 09, 2024 4:01 pm

On initial boot up, it takes a bit for system time modification from ntp to be reflected in the logs. If you make a modification going forward, the logs should update to the correct time.
Here's a screenshot to show what I mean; I modified Port 3 just to show it updating the log with the correct time after ntp is set.

ntp-and-logs.png

lligetfa
Associate

Fri Aug 09, 2024 4:28 pm

Stephen wrote: On initial boot up, it takes a bit for system time modification from ntp to be reflected in the logs. If you make a modification going forward, the logs should update to the correct time.

Yes, later when I updated a downstream switch, the port bounce in the log showed the correct date/time. On the older firmware, the end of the log file always showed the correct date/time. It was just an observation.

mayheart
Experienced Member

Mon Aug 12, 2024 4:10 pm

No problem with this firmware on DC/IDC/AC units and a Rev B board.

Is there a time frame to ship this as a final version?

sirhc
Employee

Mon Aug 12, 2024 4:27 pm

Soon as we get some more "hey works fine" feedback will close rc and release v1.5.17

So hey people don't just speak up when broken let us know it's fine.

sakita
Experienced Member

Tue Aug 13, 2024 8:06 pm

Loaded 1.5.17rc2 on a WS-8-150-AC Board Rev F in my test rig. This is the switch connected to my laptop and 7 other devices (which includes devices that communicate with each other providing a little traffic).

The MAC Table page in the web UI wasn't showing all of the MAC addresses that were shown when issuing a "show mac table" command in the web UI Device Console. At one point there were no addresses on the MAC Table page but were on the Console. Flushing and refreshing didn't change anything... and then the list on the MAC Table page magically started displaying again but still not matching the full list shown by the Console.

I rolled it back to 1.5.17rc1 and the MAC Table page and Console now show the same list consistently.
Today is an average day: Worse than yesterday, but better than tomorrow.
