VTS Series Firmware Version 1.5.3 Release Notes July 21, 2004 Copyright (c) 1998-2004, Sena Technologies, Inc. INTRODUCTION ============= These release notes describe new features added and bugs fixed since the firmware V1.5.1 release. ENHANCEMENTS ============== + Added the auto detection of connected device using user defined format string and script. + Added the modem tests for two dial-in modem mode ports. + Added the automatic firmware or configuration update through TFTP or DHCP. + Added the logout SNMP trap. + Added the TACACS+ support in PAM. + Added the shell program menu in terminal server mode. + Added the DHCP option, ¡°Reuse old IP at bootup time on DHCP failure", on IP configuration page, for reusing old IP address if DHCP server is not responding at DHCP mode starting. BUG FIXES ========= - Login Vulnerability fixed. - Deleting message direction arrow("<") of port log when the log is sent to Syslog server - Fixed the problem in taking over the main session when concurrent connections to a port are over 16. - Fixed the problem in applying IP filtering rule repeatedly(adding and then removing) using Web UI. - Fixed the problem in changing modem init string in Dial-in Modem TS mode using Web UI. - Fixed the problem in accessing Web UI using Mozilla Web Browser. - Fixed the problem for the monitoring only user to access connection page of Web UI. - Fixed the problem in accessing serial ports using following tool or page on Web UI through eth1 interface, Quick connect option : telnet Connect to Clustering slave configure Clustering slave unit port connect - Fixed the problem in using CLI through PC modem interface - Fixed the problem in using software flow control option. KNOWN BUGS ============ * None. REVISION HISTORY ================ 1.5.1 June 3, 2004 + Web UI reconnects to login page after firmware upgrade, configuration import and rebooting. + Users may select port log file name option as ¡®use port title¡¯ so that it can be changed automatically according to the changes in port title. + When IP mode is set as DHCP in Web UI, DNS configuration will be set auto automatically. + Upgraded OpenSSH to 3.7.1p2 and OpenSSL to 0.9.6m + Added dial-in modem mode support through serial console port. + Added an option to change password of login user in the Port Access Menu. + Added an option to use a global SNMP trap receiver setting in Port event handling menu. + Default Access Control Settings(NMS) of SNMP configuration is changed to prevent unauthorized attacks. + Added an option to limit root access to console port or Web UI. + Added the SDK(Software Development Kit) support through CF flash card. + Users can only see the ports they have access to when logging onto the Web UI. + Added the Alert configuration under Serial port configuration with alert function for port login and device connection through mail or SNMP trap. + Bootloader version is displayed on System information under System status page. + Added an option to set the logging direction of port data. + Added several new contents for alarm notification through e-mail or SNMP trap such as IP address, Device name, Port Protocol and Device Time. + Modem interface is changed so that user can accesses shell program directly. + Authentication configuration for Dial-in modem mode is removed. Authentication method now depends on PAM(Pluggable Authentication Module) confiuration + Added support for Netgear FA411 wired LAN card and Buffalo AirStation(WLI-PCM-L11GP) wireless LAN card. + User can change Radius attribute to fit for his Radius server configuration. + Clustering feature is enhanced so that user can configure slave units through UI of master unit. + Slave unit can authenticate users based on database of Master unit. + Serial ports support long user name up to 45 characters. But there is still limitation on length of local user name up to 29 characters. + Added support for the RADIUS authentication to the console login. + Added support for the SecurID¡¯s new PIN and next Token Code Mode. + Added an notification icon on connection page of Web UI when new data has been received on a port. + Added ¡°Show last 10 lines of a log upon connect" option to display last 10 lines of log when user logs into a port automatically. + Added an option to set the secondary IP address for the unit. + New button for "Local echo" is added to JTA window. + Certificate for HTTPS is changed. + Configuration files for JTA are moved to /etc/jta directory so that user can change them using rc.user script. + File permission of reboot binary is changed sot that System admin user can reboot the system. + Added an option for automatic firmware and configuration upgrade through TFTP server. + Confirm message is added to configmenu when user exit from it. + Added an information for MAC Address of PC card on the header of configmenu. - FTP server configuration in /etc/inetd.conf is disabled. - Fixed problem in changing root password through Web UI. - Fixed problem in changing listening tcp port number to ¡°2002¡± through Web UI. - Default Access Control Settings(NMS) of SNMP configuration is changed to prevent unauthorized access or attacks. - Fixed problem in cycling power of outlet separately if there are two outlets linked to one serial port. - Fixed bug in leap year calculation of RTC routine. - Fixed problem in accessing a serial port through Port Access Menu when the port is used already. - Fixed problem in changing the gateway information when IP mode is changed. - All Cross Site Scripting vulnerabilities are removed. - Fixed problem in reflecting NTP time on port logs. - Fixed problem in clearing users using /bin/userlog-man binary - Fixed problem in removing user list when user disconnects connection in Dial-in modem mode. - Fixed problem in logging serial port data with time stamp. - Fixed problem in killing port users through "Serial port users logged on list" window of Web UI. - Fixed problem in permitting for read-only user to send break signal to the port using send break button in JTA window. - Fixed problem in displaying temperature threshold of power controller if the unit is set as Fahrenheit. - Fixed problem in sending send break if port is set as console server/telnet/port escape menu=ctrl-a. - Fixed problem in disconnecting all connections to a port through Global Escape Menu. - Fixed problem in setting NFS server name without '.' in Web UI. - Fixed problem in using SSH client in Terminal server mode. - Incorrect date was displayed when day light saving time is enabled - Non-encrypted type configuration file(*.tar.gz) was not displayed on the list in configmenu. - Fixed problem in running multiple clustering daemon whenever clustering mode is changed. - The default location of scroll bar is moved to the right side of the JTA windows. - Fixed problem in resetting keyword notification and user access control configuration when factory default reset is performed. - Fixed problem in using JTA on Mozilla or Konqueror Web Browser. - Fixed problem in using Port IP filtering feature with some specific filtering rules. - SSH daemon for the box is run by script under /etc/init.d/sshd at the boot time to reduce the connection delay. - Keepalive function is set to the Web server so that Web server cannot be blocked by disconnected remote host while responding to it. - IP filtering menu is changed so that user can assign and add arbitrary filtering options. 1.4.1 January 12, 2004 + WEB UI doesn¡¯t show any non-accessible options according to the user¡¯s right. + Logged in web user ID is displayed on the Web UI. + Added direct URL access to serial ports using JTA. + Added direct port access through SSH port. + Enhanced LDAP support by adding OU to the search path. + Added Korean/Japanese language supports in JTA. + Added power management support. + Added the ability for administrative users to disconnect users from ports through the Web UI. + Added support for the DNS name of an NFS server instead of the IP Address. + Added user configurable host name support. + Added Global Port Escape Menu. + Added Cron support + Added automatic detection of PC cards when PCMCIA card is inserted + Added option for port 'reset' and 'set' in console configuration menu + Added Timezone and Daylight savings time support + VTS will now continue sending DHCP requests if DHCP fails. + Added shell utility to reset a port.(/bin/portreset) + Added shell utility to reset a port.(/bin/portreset) + characters are removed on the system log message when VTS sends system log to syslog server. + Now login retries are permitted up to 3 times at maximum.(Console server or modem mode) - When a certain serial port is transferring data, there might be data loss if user changed configuration of another serial port. - Fixed problem with reconnecting a port after resetting it. - Fixed problem with getting random data in the secondary SNMP Trap receiver fields - Fixed problem with creating a user with username more than 10 characters. - Fixed problem with connecting connect to the eth1 interface(PC card) from eth0 network if eth0 interface on VTS is disconnected. - Fixed problem with reentering a port which was escaped just before in port access menu. - Fixed problem with sending large packets using TELNET client. - telrcv buffer overflow vulnerability in telnet daemon is fixed - Fix Linux kernel vulnerability.(privilege escalation security vulnerability:CAN-2003-0961) - Fixed problem with probing SS device using HelloDevice Manager when IP mode is set as DHCP. 1.3.2 October 6, 2003 + Added User Space(/usr2) and local machine(User's PC) options to configuration management. + Added Enable/Disable encrytion option to configuration management. + Added "Port Title", "Port Protocol" and "Listening TCP Port" objects to Keyword Notification via SNMP trap. - Buffer Management Errors in OpenSSH is fixed. - Fixed problem with disabling sniff mode once it was enabled. - Fixed problem with killing sniff session in sniff session menu when port number was 11 or above. - Fixed problem with checking version number of configuration file which will be imported via Web UI. - Wrong memory handing function on serial port configuration page of Web UI is fixed. 1.3.1 September 16, 2003 + Added SNMP Trap on the serial port disconnection DSR On/Off per serial port + Added SNMP Trap on serial port and system logins. + Improved Configuration File Importing / Exporting method to both Flash Card and NFS server. + Added automatic notification function when initiating a sniff session. + Added separated IP filtering menu for TELNET and SSH console of VTS. + Added a 'send break' option via the VTS telnet client. + Added reset function for ¡°stuck¡± serial port from the Web UI. + Added second trap receiver for Keyword Alerts. + Added IP address information of the slave units in the "Port access menu". + Improved User Administration features. + Added configurable port break sequence for TELNET and SSH protocol. + Added an option to remove the direction arrow(<,>) seen in a sniff session. + Added visible IP address when using DHCP with a PC LAN card. + Added enable/disable option for the First SMTP server + Changed limit on length of SNMP community names from 8 characters to 16 characters + Changed method in entering wep entry for the wireless card (¡°:¡± is not needed) + Changed the wording of ¡°Output¡± and ¡°Input¡± of sniff mode configuration to ¡°Server Output¡± and ¡°User Input¡± respectively. - Fixed problem with booting under burst of UDP packet - Fixed problem with sending syslog messages through MS Exchange or Qmail mail server. - Fixed problem with disabling assigned IP address under "all" ports. - Fixed problem with accessing serial port using WEB Java applet via the LAN interface card. - Fixed problem with remounting NFS server after connection to NFS server is reestablished. - Fixed problem with disabling assigned IP addresses through config menu. - Fixed problem in connecting VTS with wired interface after configuring a wireless PC Card. - Fixed problem in using Lucent Orinoco Wireless LAN card with SSID or WEP Key. - Fixed problem in using character ¡®a¡¯ as a break sequence for TELNET client. 1.2.0 August 5, 2003 + Added Lucent Orinoco Wireless LAN card support + Added Encrypted NFS support - Fixed problem with accessing a Port if it looses connection to the NFS server while log location is set as NFS. - Fixed problem with for a ¡°port admin¡± user being able to reboot the VTS via console menu. - Fixed problem with disabling assigned IP addresses through console menu. - Fixed problem with changing user id via Web UI. - Fixed problem with sending individual port information to the TACACS+ server. - Fixed problem with changing port title of the dial-in modem access menu. - Fixed problem with using Dial-in Terminal server mode with SSH. - Fixed problem with supporting bold character in JTA. - Fixed problem with setting "modem init string" in dial-in TS mode via WEB UI. - Fixed problem with applying inactivity timeout in Console Server mode with rawTCP protocol. - Fixed problems with accessing a port through port access menu. - Fixed problem with accessing a port in Terminal Server and Dial-in modem mode with none authentication. - Fixed problem with setting IP filtering options and SNMP NMS IP addresses through console menu. - Fixed problem with using user comment option in Dial-in modem mode - Fixed problem in authentication with PC modem card. - Fixed problems with log messages. - Fixed problems with using sniff session and inactivity timeout in dial-in modem mode. - Fixed problems with managing users through console menu. 1.1.2 June 18, 2003 - Fixed problem with accessing port using SSH client with public key authentication. - Fixed problem with taking over in sniff mode. In v1.1.0 or v1.1.1, main session user could not use escape sequence after entering sniff mode. 1.1.1 June 5, 2003 - Fixed problem with using PC modem card. - Fixed problem with ¡®quick connection via¡¯ configuration of Port Access Menu. - Fixed problem with killing session via the Port Access Menu running from CLI. - Fixed problem with using Remote or None Authentication in SSH connection. - Fixed problem with changing escape sequence for Port Access Menu. 1.1.0 June 2, 2003 + Added Shadow password support. + Added ability to access slave units through Port Access Menu. + Add option to launch telnet session instead of Java applet for port connection. + Added remote Authentication to WebUI(RADIUS,LDAP, TACACS+, KERBEROS). + One Step Save and Apply. + Configurable escape sequence per port. + Checkbox to allow all users with port access to sniff. + Added ability for sniff users to switch between read only access and read/write access on a port. + Added ability for sniff users to kill other sniff sessions. + Added ability for sniff users to send messages to other sessions. + Added an in-use and by-use comment field in serial port connection screen. + Increased limit of sniff sessions per port to 15. + Customizable port log filename to NFS Server. + Reduce character limit of usernames down to 3. + Add secondary NFS Server option for System and Port logs. + Add Date/Time stamp option to Port logs. + Added ability to switch directly between serial port configuration pages + Use LED graphics in the web UI instead of on/off text. + Added support for Kerberos authentication. + Added SNMP trap for alert. + Added prompt before sending break key to applet window. + Upgraded SSH Client to current version (3.5p1). + Added the ability to disable Alternate IPs(Serial Ports). - Fixed problem with F-Secure/ecureCRT SSH client causing a port lockup when disconnecting from the port. - Fixed problem with Port Log causing panics while logging to CF Card. - Fixed problem with sending a Break from a Dial-in modem. - Fixed problem where an SNMP Trap could lock up the Web Interface. - Fixed problem with system hanging when accessing serial port configuration using Netscape 4.7X/8 on MS Windows.(VTS3200 only) - Fixed problem with SSH client causing login fail when number of client exceeds 10. 1.0.3 March 3, 2003 + First public release CONTACTS ========= Sena Technologies Inc. 210 Yangjae-dong, Seocho-gu Seoul, Korea 137-130 url: http://www.sena.com email: info@sena.com phone: +82-2-573-7772 fax: +82-2-573-7710 Technical support: email: support@sena.com phone: +82-2-573-5422