Alerts

McAfee anti-virus update breaks Version Manager by incorrectly flagging it as containing the Exploit-CVE2012-0507 Trojan



ID:    A50
Published:    07 June 2012
Updated:    13 June 2012

Operating System(s)

  • All Windows

Product(s)

  • PVCS Version Manager
 

Description

A virus-signature update for the McAfee anti-virus scanner, deployed at or around June 6th 2012, is incorrectly flagging a crucial file used by Version Manager (vm.jar) as containing the Exploit-CVE2012-0507 Trojan. The scanner will subsequently delete all content, leaving a 0 byte file, thereby breaking the Version Manager installation.
 
The event logs will have an entry similar to:
 

Event Type:     Error
Event Source:   McLogEvent
Event Category: None
Event ID:       259
Date:           6/6/2012
Time:           11:10:55 PM
User:           NT AUTHORITY\SYSTEM
Computer:       xxxxxx
Description:    The file c:\Program Files\Serena\vm\common\lib\vm.jar\XmlInputStream$MyResolver.class contains the Exploit-CVE2012-0507 Trojan. No cleaner available, file deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6734.0000.

 
Users trying to launch the Version Manager desktop client GUI will see the error Class not found: pvcs.suite.gui.PvcsApp:
 
 
Users trying to run a PCLI command will see the error Class not found: pvcs.cmd.CmdProcessor:
 

 

Users of the web client will see the error HTTP Status 404 - Servlet vminet is not available, and the file vm\common\tomcat\logs\catalina.YYYY-MM-DD.log on the server will contain:
 
Jun 7, 2012 1:05:32 PM org.apache.catalina.core.StandardContext loadOnStartup
SEVERE: Servlet  threw load() exception
java.lang.ClassNotFoundException: pvcs.vm.servlet.VmServlet
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1701)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1546)
    at org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:525)
    at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:507)
    at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:124)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1136)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5015)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5302)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1568)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1558)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
 
When the Serena VM Web Application Server is running as a Windows Service, the file vm\common\tomcat\logs\stderr.log will contain:
 
java.lang.NoClassDefFoundError: pvcs/servlet/VmInetServiceLauncher
Caused by: java.lang.ClassNotFoundException: pvcs.servlet.VmInetServiceLauncher
    at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:303)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:316)
 
Because the contents of the vm.jar file have been wiped, the only way to recover from this problem is to either: 
 
  • Restore the file VM_Install_Dir\vm\common\lib\vm.jar from backup
  • Reinstall Version Manager
  • Install the identical version of Version Manager somewhere else, and just copy the vm.jar file
  • Get a copy of the destroyed vm.jar file from Serena support
     
The vm.jar file is very much version specific, so it can only be replaced with an identical version of what was there before. For this reason restoring from backup or reinstalling are the preferred solutions.
 
*** UPDATE June 8th 2012: An updated McAfee virus-signature database, DAT 6736.000, no longer appears to flag vm.jar as containing this exploit. The previous version, DAT 6735.0000, has the problem.  Serena recommends updating your DAT file with great urgency. ***

Find Answers

Type a question or describe what you are looking for below

My Recent Searches

Welcome kb sso

Additional Assistance

  • Submit a Case Online
  • FAQs