ArcGIS 10.0 SP2 (Server) Image Service file resource security Patch

Summary

This patch addresses a security vulnerability in ArcGIS 10 Image Services published using a Mosaic Dataset.

Description

Introduction

Esri® announces the ArcGIS 10.0 SP2 (Server) Image Service file resource security Patch. This patch addresses a security vulnerability in ArcGIS 10 Image Services published using a Mosaic Dataset. It deals specifically with the issues listed below under Issues Addressed with this Patch.

Issues Addressed with this Patch


  • NIM070323 - Security Vulnerability in ArcGIS Server 10 Image Service file resource.

    Description: A security vulnerability has been identified in ArcGIS Server 10.0, 10.0 SP1, and 10.0 SP2 with the Image Extension. This vulnerability could allow someone to gain access to certain local or network files that can be accessed from a system running ArcGIS Server. If you are not using the Image Extension with Mosaic Datasets, you are not affected by this issue.


Files Installed in this Patch


    Under the Windows <ArcGIS Installation Directory>\bin folder:

      FunctionRasterDB.dll
      ImageServer.dll
      RasterCoreLib.dll
      WCSServer.dll

    Under the Windows <ArcGIS Installation Directory>\DotNET folder:

      ESRI.ArcGIS.REST.dll

    Under the Windows <ArcGIS Installation Directory>\Java\manager\web_output\rest\WEB-INF\lib folder:

      arcgis_rest.jar

    Under the Linux/Solaris <ArcGIS Installation Directory>/bin folder:

      functionrasterdb.rsb
      libfunctionrasterdb.so
      imageserver.rsb
      libimageserver.so
      rastercorelib.rsb
      librastercorelib.so
      wcsserver.rsb
      libwcsserver.so

    Under the Linux/Solaris <ArcGIS Installation Directory>/java folder:

      manager/web_output/rest/WEB-INF/lib/arcgis_rest.jar

Installing this Patch on Windows


Installation Notes:

  • System Administrators - A technical paper is available that discusses the enterprise deployment of ArcGIS 10 setups using Microsoft® Systems Management Server (SMS) and Group Policy, including additional system requirements, suggestions, known issues, and Microsoft Software Installation (MSI) command line parameters. Deployment in a lockdown environment is also covered. See ArcGIS 10 Enterprise Deployment.

ArcGIS Server 10 Service Pack 2 or ArcGIS Server Java 10 Service Pack 2 must be installed before you can install this patch.


  1. Download the appropriate file to a location other than your ArcGIS installation location.

    ArcGIS Server GIS Services Gis10sp2-SGIS-ISRS-Patch.msp
     
    ArcGIS Server Java Gis10sp2-SJ-ISRS-Patch.msp

  2. Make sure you have write access to your ArcGIS installation location.

  3. For ArcGIS Server GIS Services Only: Open the Services Management Console: Control Panel > Administrative Tools > Services. Stop the ArcGIS Server Object Manager and ArcGIS Server SOC Monitor services.

    For ArcGIS Server Java Only: Open the Services Management Console: Control Panel > Administrative Tools > Services. Stop the ArcGIS Server Object Manager, ArcGIS Server SOC Monitor, and ArcGIS Server Manager services.

  4. Double-click Gis10sp2-<Product>-ISRS-Patch.msp to start the install process.

    NOTE: If double-clicking the MSP file does not start the Patch installation, you can start the Patch installation manually by using the following command:

      msiexec.exe /p [location of Patch]\Gis10sp2-<Product>-ISRS-Patch.msp

  5. When Setup starts, follow the instructions on your screen.

  6. For ArcGIS Server GIS Services Only: Open the Services Management Console: Control Panel > Administrative Tools > Services. Start the ArcGIS Server Object Manager and ArcGIS Server SOC Monitor services.

    For ArcGIS Server Java Only: Open the Services Management Console: Control Panel > Administrative Tools > Services. Start the ArcGIS Server Object Manager, ArcGIS Server SOC Monitor, and ArcGIS Server Manager services.


Installing this Patch on Linux and Solaris


Complete the following install steps as the ArcGIS Install owner. The Install owner is the owner of the arcgis folder.

ArcGIS Server 10 Service Pack 2 or ArcGIS Server Java Service Pack 2 must be installed before you can install this patch.

  1. Download the appropriate file to a location other than your ArcGIS installation location.


    ArcGIS Server Java for Linux gis10sp2-SJ-ISRS-Patch-linux.tar
     
    ArcGIS Server Java for Solaris gis10sp2-SJ-ISRS-Patch-slrs.tar


  2. Make sure you have write access to your ArcGIS installation location, and that no one is using ArcGIS.


  3. Extract the specified tar file by typing:
    % tar -xvf gis10sp2-SJ-ISRS-Patch-linux.tar (Linux)
    % tar -xvf gis10sp2-SJ-ISRS-Patch-slrs.tar (Sun Solaris)
  4. Start the installation by typing:
    % ./applypatch
    This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.
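
One way to confirm that applypatch replaced the Linux/Solaris files listed under Files Installed in this Patch, added here as an example and not part of Esri's patch or documentation: it records cksum values for those files before the patch and compares them afterwards. The installation directory argument and the before.txt/after.txt file names are assumptions.

```shell
#!/bin/sh
# Added example: check that the patch replaced the files the page lists for
# Linux/Solaris. Paths are relative to the ArcGIS installation directory,
# which is passed as an argument (assumption: you know where it is).
PATCH_FILES="bin/functionrasterdb.rsb bin/libfunctionrasterdb.so
bin/imageserver.rsb bin/libimageserver.so
bin/rastercorelib.rsb bin/librastercorelib.so
bin/wcsserver.rsb bin/libwcsserver.so
java/manager/web_output/rest/WEB-INF/lib/arcgis_rest.jar"

# snapshot <install_dir>: print "<path> <crc>:<size>" for each listed file,
# or "<path> MISSING" when the file is not there.
snapshot() {
    for f in $PATCH_FILES; do
        if [ -f "$1/$f" ]; then
            echo "$f $(cksum < "$1/$f" | tr -s ' \t' ':')"
        else
            echo "$f MISSING"
        fi
    done
}

# unreplaced <before> <after>: print listed files that are missing after the
# patch or whose checksum is the same as before it (not replaced).
unreplaced() {
    while read -r f sum; do
        after=$(awk -v f="$f" '$1 == f { print $2 }' "$2")
        if [ -z "$after" ] || [ "$after" = "MISSING" ] || [ "$after" = "$sum" ]; then
            echo "$f"
        fi
    done < "$1"
}

# Usage: script snapshot <install_dir> > before.txt   (before ./applypatch)
#        script snapshot <install_dir> > after.txt    (after ./applypatch)
#        script compare before.txt after.txt
case "${1:-}" in
    snapshot) snapshot "$2" ;;
    compare)  left=$(unreplaced "$2" "$3")
              [ -z "$left" ] && echo "all listed files replaced" && exit 0
              echo "not replaced:"; echo "$left"; exit 1 ;;
esac
```

A file reported as not replaced is either absent or byte-identical to its pre-patch copy, which is also what you see if the patch had already been applied before the first snapshot.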


Patch Updates

Check the ArcGIS Resource Center periodically for the availability of additional patches. New information about this Patch will be posted here.

How to identify which Patch is installed


Windows

    To find out what ArcGIS products are currently installed on your machine, download the PatchFinder.exe utility and run it from your local machine.

Linux / Unix

    To find out what ArcGIS products are currently installed on your machine, download and extract the PatchFinder utility and run it from your local machine.

Getting Help

Domestic sites, please contact Esri Technical Support at 1-888-377-4575 if you have any difficulty installing this Patch. International sites, please contact your local Esri software distributor.