This technical note outlines the features introduced in Reflection for Secure IT 8.0 Server for Windows (released November 2012), as well as product release notes.
Note: Reflection for Secure IT version 8.1 is available beginning in August 2013. For a list of new features in 8.1, see KB 7022024.
New Features in 8.0
The following new features are included in Reflection for Secure IT 8.0 Server for Windows:
- The Credential Cache can now be exported into a comma-separated value (CSV) file. This exported file includes user names and last used values; passwords are not exported.
- The Server now supports file transfer auditing. When enabled, audit events will be created for file transfer uploads and downloads, including attempts that are denied by the operating system.
- The debug log directory permissions can now be modified to allow groups other than Administrators and the SYSTEM account read access.
- SHA256 is supported for digital signature when X.509 certificates are used for authentication using RSA 2048 bit keys or larger.
- SHA256 is supported for key authentication using RSA public keys.
- The hmac-sha256 and hmac-sha512 algorithms have been added to the default MAC list. hmac-sha256 has been placed at the top of the list.
- Increased the Event and Debug logging for SCP1 file transfers.
- The ability to specify the full path to the RSA SecurID Agent library has been added to the configuration pane.
Note: Support for running the Reflection for Secure IT server in a Microsoft Cluster is not working in the 8.0 shipping version (8.0.125). If a running server on the active node fails, the Microsoft Cluster Service will fail to start the Reflection server automatically on the backup node, and a manual restart will also fail. If you depend on a cluster to provide failover, contact Technical Support (http://support.microfocus.com/contact/) for a fix for this issue before deploying version 8.0.
Resolved Issues in 8.0
The following issues were resolved in Reflection for Secure IT 8.0 Server for Windows:
- The Server now sends a case-sensitive username when using SSH to connect to another remote SSH server from within an SSH terminal session.
- Executing a remote command with SJIS Japanese characters from Reflection for Secure IT Client for UNIX to a Reflection for Secure IT Server for Windows no longer fails.
- UNC SFTP directories can now be accessed when "Connect to accessible directories when accessed, instead of at login time" is enabled.
- Restarting the operating system no longer causes the Server to log the message "Attachmate Reflection for Secure IT Server service terminated unexpectedly" in the Event Viewer.
- High volumes of automated SFTP transfers no longer cause periodic failures with an error message: The data area passed to a system call is too small.
- File transfers no longer fail when "Use SFTP accessible directory settings for SCP1" is enabled and the "%u" pattern string is defined in the SFTP Accessible Directory Settings.
- UNC SFTP directories can now be accessed when the "%u" pattern string is defined in the SFTP Accessible Directory Settings.
- The SFTP server no longer terminates with exit code 9, which caused the OpenSSH client to disconnect intermittently.
- A customized "User login directory" setting is maintained after upgrading the product.
- The User Interface for the Credential Cache has been improved to better differentiate between the available options.
- Added the architecture designation (x86 and x64) to Setup and the Programs and Features description to better distinguish the installations.
- Fix for security vulnerability described in CVE-2012-0008: Untrusted search path vulnerability in Microsoft Visual Studio 2010 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability".
- Fix for security vulnerability described in CVE-2012-2110: An ASN.1 input function does not properly interpret integer data, which allows remote attackers (on the Server for Windows, Server or Client for UNIX) or local attackers (on the Client for Windows) to conduct buffer overflow attacks, and cause a denial of service (memory corruption), via crafted DER data, as demonstrated by an X.509 certificate.
- Fix for security vulnerability described in CVE-2011-1280: The XML Editor in Microsoft Visual Studio 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability".
- Fix for security vulnerability described in CVE-2010-3190: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application, aka "MFC Insecure Library Loading Vulnerability".
For current information about security alerts and advisories that may affect Reflection for Secure IT, see https://support.microfocus.com/security/.
Obtaining the Product
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
You will be prompted to log in and accept the Software License Agreement before you can select and download a file. For more information on using the Download Library web site, see KB 7021965.
For information about purchasing Reflection for Secure IT, please e-mail us: SalesRecept@attachmate.com.
For information about Reflection for Secure IT supported platforms, see KB 7022010.
Installing or Upgrading to Reflection for Secure IT 8.0 References
For information about installing and upgrading Reflection for Secure IT 8.0 Server for Windows, see the Installing and Upgrading topics in the User Guide, which is available in the product or from the documentation page, http://support.microfocus.com/manuals/rsit_win_server.html.
Legacy KB ID
This document was originally published as Attachmate Technical Note 2642.