Multi-Tenant LoadMaster Release Notes

1 Introduction

This document lists the features and issues in the current Multi-Tenant LoadMaster (MT LoadMaster) release.

We recommend you fully back up the Multi-Tenant LoadMaster configuration before upgrading the software.

Installation of this software and reloading of the configuration may take up to five minutes, or possibly more.

1.1 Document Purpose

The purpose of this document is to provide details about the current Multi-Tenant LoadMaster firmware release.

The following are recommendations for upgrading the software:

  • The person undertaking the upgrade should be a network administrator or someone with equivalent knowledge.
  • In case of issues configuring the Multi-Tenant LoadMaster, please refer to the Multi-Tenant LoadMaster documentation which can be found at https://kemptechnologies.com/documentation.

1.2 Support

If there are problems loading the software release, please contact KEMP support staff and a KEMP Support Engineer will get in touch with you promptly: https://kemptechnologies.com/support

1.3 Intended Audience

This document is intended to be read by anyone who is interested in finding out more about a Multi-Tenant LoadMaster firmware release.

2 Release MT_7.1.35.6

Refer to the sections below for details about firmware version MT_7.1.35.6. This was released on 5th December 2018.

2.1 New Features - MT_7.1.35.6

There are no new features in the MT_7.1.35.6 release.

2.2 Feature Enhancements - MT_7.1.35.6

  • Previously, there was no Redundant Array of Independent Disks (RAID) monitoring facility available for LoadMaster Multi-Tenant hosts that supported disk RAID configurations. Now, on a LoadMaster Multi-Tenant host that supports RAID configurations, in the Debug Options screen on the LoadMaster WUI, there are options to display the RAID controller and RAID disk information. Status information in relation to RAID events is also available in the LoadMaster message logs and using Syslog.

2.3 Issues Resolved - MT_7.1.35.6

PD-11977

Addressed a further critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management that could, in certain circumstances, allow an unauthorized, remote attacker to bypass security protections, and gain access to sensitive system data, thereby compromising the system. This vulnerability was partially addressed in 7.1.35.4.

The expanded scope of this vulnerability covers exploitation through the use of insecure Web User Interface (WUI) endpoints associated with historical graphs and licensing. These vulnerabilities have been addressed in this release. Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-11854

Previously, the LoadMaster Virtual Network Function (VNF) always used the default Port and Interface for the IP address hyperlink on Status of Installed VNFs.

Now, the hyperlink displays the correct IP address and Port (other than the default 443) on the VNF Status page.

PD-11672

Previously, a user with just User Administration privileges was not able to add\modify\delete other users on the system.

Now, the correct permissions are assigned, and a user with these permissions can administer other users on the system.

PD-10214

Previously, VLAN IDs were referenced using their HEX identifiers or the equivalent integer value. In cases where multiple VLANs were configured, this led to difficulty identifying the appropriate VLAN IDs.

Now, VLAN IDs are easily identified throughout the WUI with the IDs set during configuration.

PD-10064

Previously, RADIUS-based users did not get the correct Web User Interface (WUI) administration permissions when WUI Session Management was enabled.

Now, the correct user permissions are assigned.

2.4 Known Issues - MT_7.1.35.6

PD-9950 High Availability (HA) on the Multi-Tenant LoadMaster does not work with LoadMaster VNF firmware versions LTS 7.1.35.x and V7.2.36.x.

PD-10098

The following error message appears if no local users are configured on the Multi-Tenant host WUI: '_RO_USERS: No such file or directory'. There is no functional impact relating to this error.

PD-10194 You cannot update the license of a Multi-Tenant LoadMaster VNF.
PD-10203 Users cannot apply a WUI certificate using the RESTful API or WUI.
PD-10437 Bonded VNF interfaces are not removed correctly after a VNF Factory Reset operation.
PD-11327 You cannot restore backup files on Multi-Tenant LoadMaster VNFs.
PD-11334 There are some issues when bonding more than two interfaces on a Multi-Tenant host.
PD-11458 The operation of the AutoStart button for Instantiated VNFs could be made clearer.
PD-11500 There is a limit to the VNF size of the max number of cores of a single CPU on a multi-core platform. For example, a dual CPU system with 6 cores per CPU, the max size that can be configured for a single VNF is 6 cores.
PD-11678 Some user permissions that are available for selection are not valid for a user on a Multi-Tenant LoadMaster.
PD-11679 Unable to download the backup file via the RESTful API if Session Management is enabled.
PD-11716 With Session Management enabled, the Test AAA for User functionality for the RADIUS user does not work and displays an “Authentication failed” message.
PD-11718 Characters allowed in the VNF name during creation are invalid when the name is modified.

3 Release MT_7.1.35.4

Refer to the sections below for details about firmware version MT_7.1.35.4. This was released on 1st May 2018.

3.1 New Features - MT_7.1.35.4

Support added for the new LM-X series of LoadMaster.

3.2 Issues Resolved - MT_7.1.35.4

PD-10924

Previously, error text appeared in the Multi-Tenant LoadMaster Web User Interface (WUI) when adding a VLAN with the same ID.
Now, this text no longer appears in the WUI and an error pop-up appears with the correct error information.

PD-11046 Addressed a critical vulnerability (CVE-2018-0901) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management where an unauthenticated, remote attacker could bypass security protections, gain system privileges, execute elevated commands and expose certain sensitive system data such as certificates and private keys. The expanded scope of this vulnerability covering exploitation through injection of arbitrary executable commands in cookies is addressed in this release.
PD-10085 Previously, the link status displayed in the Multi-Tenant LoadMaster WUI was incorrect.
Now, the correct link status is displayed in the Multi-Tenant LoadMaster WUI.

3.3 Known Issues - MT_7.1.35.4

PD-9950 High Availability (HA) on the Multi-Tenant LoadMaster does not work with LoadMaster VNF firmware versions LTS 7.1.35.x and V7.2.36.x.

PD-10064

RADIUS-based users do not get the correct Web User Interface (WUI) administration permissions when WUI Session Management is enabled.

PD-10078 For newly-created VLANs, the selectable VLAN ID for the VNF does not match the VLAN ID on the Multi-Tenant interface list.
PD-10098 The following error message appears if no local users are configured on the Multi-Tenant host WUI: '_RO_USERS: No such file or directory'. There is no functional impact relating to this error.
PD-10203 Users cannot apply a WUI certificate using the RESTful API or WUI.
PD-10194 You cannot update the license of a Multi-Tenant LoadMaster VNF.
PD-10214 VLAN IDs can be referenced using their HEX identifiers or the equivalent integer value. In cases where multiple VLANs are configured, this leads to difficulty identifying the appropriate VLAN ID.
PD-10437 Bonded VNF interfaces are not removed correctly following a VNF Factory Reset operation.
PD-11327 You cannot restore backup files on Multi-Tenant LoadMaster VNFs.
PD-11334 There are some issues when bonding more than two interfaces on a Multi-Tenant host.

4 Release MT_7.1.35.3

Refer to the sections below for details about firmware version MT_7.1.35.3. This was released on 6th December 2017.

4.1 Feature Enhancements - MT_7.1.35.3

  • LoadMaster VNFs are now able to download GEO IP blacklist and Web Application Firewall (WAF) commercial rules.

4.2 Issues Resolved - MT_7.1.35.3

PD-10243

Previously, deleting a VLAN and rebooting the Multi-Tenant host caused inaccessibility issues for VNFs on other VLANs. Now, VNF accessibility using VLAN is maintained after rebooting the Multi-Tenant host.

PD-10004 Fixed an issue that caused the Multi-Tenant LoadMaster to become unreachable when running a script to add a large number of VLANs.

4.3 Known Issues - MT_7.1.35.3

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-10064

RADIUS-based users do not get the correct Web User Interface (WUI) administration permissions when WUI Session Management is enabled.

PD-10078 For newly-created VLANs, the selectable VLAN ID for the VNF does not match the VLAN ID on the Multi-Tenant interface list.
PD-10085 In certain scenarios, an incorrect link status displays.
PD-10098 The following error message appears if no local users are configured on the Multi-Tenant host WUI: '_RO_USERS: No such file or directory'. There is no functional impact relating to this error.
PD-10203 Users cannot apply a WUI certificate using the RESTful API or WUI.
PD-10214 VLAN IDs can be referenced using their HEX identifiers or the equivalent integer value. In cases where multiple VLANs are configured, this leads to difficulty identifying the appropriate VLAN ID.
PD-10261 The following error message displays on the WUI if a duplicate VLAN ID is used: 'Duplicate VLAN id <vlan ID> Cache-Control: nocache'.
PD-9950 High Availability (HA) does not work with LoadMaster firmware version LTS 7.1.35.4 on the Multi-Tenant LoadMaster.

5 Release MT_7.1.35.2

Refer to the sections below for details about firmware version MT_7.1.35.2. This was released on 6th September 2017.

5.1 New Features - MT_7.1.35.2

You can reset the VNF password from the host in the console.

5.2 Feature Enhancements - MT_7.1.35.2

Interfaces can be bonded.

Administrator Web User Interface (WUI) access can be reset from the Multi-Tenant host console.

Mitigated against the CVE-2016-5696 vulnerability.

Updated the OpenSSL version to 1.0.2k to mitigate against the following vulnerabilities:

- CVE-2017-3731

- CVE-2017-3730

- CVE-2017-3732

- CVE-2016-7055

Updated OpenSSH to version 7.5 to mitigate against the following vulnerabilities:

- CVE-2015-8325

- CVE-2016-6210

5.3 Issues Resolved - MT_7.1.35.2

PD-8634

Added the licenseinfo Application Program Interface (API) command.

PD-9651 High Availability (HA) Virtual LoadMaster IP addresses are shown on the VNF Status page.
PD-9774 Fixed issues with automated FTP backups.
PD-9864 Fixed an issue that stopped the API from working when Basic Authentication was enabled.

5.4 Known Issues - MT_7.1.35.2

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-10085 An incorrect link status is displayed in certain scenarios.
PD-10004 In some situations, the Multi-Tenant LoadMaster unit becomes unreachable when running a script to add a large number of VLANs.
PD-9950 HA does not work with LTS 7.1.35.4 on the Multi-Tenant LoadMaster.
PD-10124 GEO IP blacklist commercial rule downloads are not working on Multi-Tenant LoadMasters.

6 Release MT_7.1.35

Refer to the sections below for details about firmware version MT_7.1.35. This was released on 2nd August 2016.

When upgrading a Multi-Tenant LoadMaster for Microsoft Azure to firmware version 7.1.35 – you also need to upgrade the Azure add-on pack.

6.1 Feature Enhancements

It is now possible to retrieve the serial number of a Multi-Tenant LoadMaster using the Application Program Interface (API).

6.2 Issues Resolved

PD-7380

Fixed an issue which was causing the interface speed to not be displayed correctly in the Multi-Tenant LoadMaster Web User Interface (WUI).

 

6.3 Known Issues - MT_7.1.35

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

7 Release MT_7.1.34

Refer to the sections below for details about firmware version MT_7.1.34. This was released on 18th May 2016.

7.1 New Feature

New Ovs Logging Level field added

7.2 Feature Enhancements

Mitigated against CVE-2004-2761 vulnerability.

Interface IDs are now displayed in the output of the stats API command.

7.3 Issues Resolved

PD-6634

Fixed an issue that was preventing the presentation of the root certificate.

PD-6509

It is now possible to set the memory size to greater than 2048 MB when using the createinstance API command.

 

7.4 Known Issues - MT_7.1.34

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

8 Release MT_7.1-30

Refer to the sections below for details about firmware version MT_7.1-30. This was released on 3rd November 2015.

8.1 New Features

Application Program Interface (API) support added

DHCP support added

8.2 Feature Enhancements

After initially deploying a new Multi-Tenant LoadMaster, a prompt will now appear asking to set up the initial tenant LoadMaster.

The User Interface (UI) has been updated.

The speed of Virtual LoadMaster (VLM) instance creation has been increased.

The Multi-Tenant LoadMaster now comes with a pre-installed Virtual Network Function (VNF) package containing the latest LoadMaster firmware.

8.3 Known Issues

PD-10980

A critical vulnerability (CVE-2018-9091) in the Multi-Tenant LoadMaster Operating System (MT-LMOS) related to Session Management could allow an unauthorized, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, and so on, thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.

Further information can be found here: Mitigation For Remote Access Execution Vulnerability.

PD-6487

The TPS counter on the home page is not relevant for the Multi-Tenant LoadMaster product and will be removed in a future release.

PD-6153

The current version of the Multi-Tenant LoadMaster does not work on the HP ProLiant DL320e bare metal platform.

PD-6509

The API command create instance does not allow the memory size to be set greater than 2048 MB.

References

Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.

KEMP Multi-Tenant LoadMaster, Product Overview

Multi-Tenancy, Feature Description

KEMP Multi-Tenant LoadMaster, Configuration Guide

Multi-Tenant LoadMaster API, Interface Description

Last Updated Date

This document was last updated on 03 December 2018.

Was this article helpful?

0 out of 0 found this helpful

Comments