Note: This is an archival copy of Security Sun Alert 200429 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000311.1.
Article ID : 1000311.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-11-07
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Symantec/VERITAS NetBackup

Category
Security

Release Phase
Resolved

Product
VERITAS NetBackup 6.0
VERITAS NetBackup 5.1
VERITAS NetBackup 4.5
VERITAS NetBackup 3.4
VERITAS NetBackup 5.0

Bug Id
6339204

Date of Resolved Release
28-NOV-2005

Impact

A Security vulnerability affecting Java GUI applications "jnbSA" and "jbpSA" within Symantec/VERITAS NetBackup may allow a remote unprivileged user the ability to execute arbitrary code with elevated privileges on a targeted system.

This issue is also described in VERITAS support document 279085:


Contributing Factors

This issue can occur in the following releases:

  • VERITAS NetBackup 3.4
  • VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Maintenance Pack track without patch 119004-01
  • VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Feature Pack track without patch 119005-01
  • VERITAS NetBackup Enterprise Server and NetBackup Server 5.0 without patch 119006-01
  • VERITAS NetBackup Enterprise Server and NetBackup Server 5.1 without patch 119007-01
  • VERITAS NetBackup Enterprise Server and NetBackup Server 6.0 without patch 119008-01

Windows platforms running 4.5 GA, 4.5 Maintenance Pack track, or Windows platforms running 64-bit Windows (either Maintenance Pack or Feature Pack), are not affected by this issue.

Windows platforms with NetBackup 5.0 running 64-bit Windows are also not affected.


Symptoms

There are no reliable symptoms that would indicate the described issue has been exploited.


Workaround

Refer to the following VERITAS support document for instructions on how to work around the described issue:


Resolution

This issue is addressed in the following releases:

  • VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Maintenance Pack track with patch 119004-01 or later
  • VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Feature Pack track with patch 119005-01 or later
  • VERITAS NetBackup Enterprise Server and NetBackup Server 5.0 with patch 119006-01 or later
  • VERITAS NetBackup Enterprise Server and NetBackup Server 5.1 with patch 119007-01 or later
  • VERITAS NetBackup Enterprise Server and NetBackup Server 6.0 with patch 119008-01 or later

Notes:

1. NetBackup 3.4 will require an upgrade to a later supported version with the appropriate patches to resolve this issue. It is recommended to implement the workaround described above until the software is upgraded.

2. The patches mentioned in this Sun Alert are for Solaris SPARC and x86 platform support only. Customers with non-Solaris UNIX platforms and other NetBackup supported platforms can go to the following location for the resolution to this issue:



References

119004-01
119005-01
119006-01
119007-01
119008-01




Attachments
This solution has no attachment