Note: This is an archival copy of Security Sun Alert 200429 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000311.1.
VERITAS NetBackup 6.0
VERITAS NetBackup 5.1
VERITAS NetBackup 4.5
VERITAS NetBackup 3.4
VERITAS NetBackup 5.0
Date of Resolved Release
A Security vulnerability affecting Java GUI applications "jnbSA" and "jbpSA" within Symantec/VERITAS NetBackup may allow a remote unprivileged user the ability to execute arbitrary code with elevated privileges on a targeted system.
This issue is also described in VERITAS support document 279085:
This issue can occur in the following releases:
Windows platforms running 4.5 GA, 4.5 Maintenance Pack track, or Windows platforms running 64-bit Windows (either Maintenance Pack or Feature Pack), are not affected by this issue.
Windows platforms with NetBackup 5.0 running 64-bit Windows are also not affected.
There are no reliable symptoms that would indicate the described issue has been exploited.
Refer to the following VERITAS support document for instructions on how to work around the described issue:
This issue is addressed in the following releases:
1. NetBackup 3.4 will require an upgrade to a later supported version with the appropriate patches to resolve this issue. It is recommended to implement the workaround described above until the software is upgraded.
2. The patches mentioned in this Sun Alert are for Solaris SPARC and x86 platform support only. Customers with non-Solaris UNIX platforms and other NetBackup supported platforms can go to the following location for the resolution to this issue:
This solution has no attachment