Note: This is an archival copy of Security Sun Alert 239908 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019464.1. |
Category Security Release Phase Resolved 6633490 Product Veritas NetBackup 6.0 Veritas NetBackup 6.5 Date of Workaround Release 24-Sep-2008 Date of Resolved Release 30-Sep-2008 Security Vulnerability in VERITAS (Symantec) NetBackup 6.0/6.5 GUI 1. Impact A security vulnerability in VERITAS (Symantec) NetBackup 6.0/6.5 affecting the JAVA GUI application jnbSA(1M) may allow a local user with "admin" privileges the ability to execute arbitrary code with elevated privileges on the server . This issue is referenced in Symantec Security Advisory SYM08-016 at: http://www.symantec.com/avcenter/security/Content/2008.09.24a.html 2. Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Notes:
3. Symptoms There are no reliable symptoms that would indicate the described issue has been exploited. 4. Workaround There is no workaround for this issue. Please see the Resolution section below. 5. Resolution This issue is addressed in the following releases: SPARC Platform
Notes: Patches 119009-11 and 122073-04 have identical binaries, with the only difference being the version of VRTSnetbp being patched. Only one of the patches will be applied to a NetBackup system based on the following: Patch 119009-11 is applicable to VERITAS NetBackup 6.0 Product for GA, with version string VERSION=6.0,REV=2005.09.07.19.13. $ pkgparam VRTSnetbp VERSION
For more information
on Security Sun Alerts, see 1009886.1.
Modification History 30-Sep-2008: Updated Contributing Factors and Resolution sections; now Resolved References127655-02127656-02 122073-04 119009-11 Attachments This solution has no attachment |
|