Note: This is an archival copy of Security Sun Alert 239908 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019464.1.
Veritas NetBackup 6.0
Veritas NetBackup 6.5
Date of Workaround Release
Date of Resolved Release
Security Vulnerability in VERITAS (Symantec) NetBackup 6.0/6.5 GUI
A security vulnerability in VERITAS (Symantec) NetBackup 6.0/6.5 affecting the JAVA GUI application jnbSA(1M) may allow a local user with "admin" privileges the ability to execute arbitrary code with elevated privileges on the server .
This issue is referenced in Symantec Security Advisory SYM08-016 at:
2. Contributing Factors
This issue can occur in the following releases:
There are no reliable symptoms that would indicate the described issue has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Patches 119009-11 and 122073-04 have identical binaries, with the only difference being the version of VRTSnetbp being patched. Only one of the patches will be applied to a NetBackup system based on the following:
Patch 119009-11 is applicable to VERITAS NetBackup 6.0 Product for GA, with version string VERSION=6.0,REV=2005.09.07.19.13.
$ pkgparam VRTSnetbp VERSION
For more information
on Security Sun Alerts, see 1009886.1.
30-Sep-2008: Updated Contributing Factors and Resolution sections; now Resolved
This solution has no attachment