Note: This is an archival copy of Security Sun Alert 253287 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020160.1.
Article ID : 1020160.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2009-04-15
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the VERITAS (Symantec) NetBackup Network Daemon may Allow Escalation of Privileges



Category
Security

Release Phase
Resolved

Bug Id
6803212, 6803215, 6797673, 6797674

Product
Veritas NetBackup 6.0
Veritas NetBackup 6.5

Date of Resolved Release
16-Apr-2009

Security Vulnerability in the VERITAS (Symantec) NetBackup network daemon may allow escalation of privileges:

1. Impact

A Security Vulnerability in the VERITAS (Symantec) NetBackup network daemon may allow an unprivileged local user to leverage the Veritas network daemon (vnetd) to gain elevated privileges on the system.

This issue is referenced in Symantec Security Advisory SYM09-002 at:

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
  • VERITAS (Symantec) NetBackup 6.0 GA version without patch 136859-01
  • VERITAS (Symantec) NetBackup 6.0 MP4 CD version without patch 136860-01
  • VERITAS (Symantec) NetBackup 6.5 without patch 136863-01
x86 Platform
  • VERITAS (Symantec) NetBackup 6.5 without patch 136864-01
Note 1: NetBackup 5.x and earlier versions are no longer supported and will require an upgrade to a later supported version with the appropriate patches to resolve this issue.

Note 2: NetBackup 6.0 and earlier versions are not shipped for the x86 Platform.

Note 3: To determine whether a system is running the 6.0 GA version or the 6.0 MP4 CD version, execute the following command and compare the VERSION string it returns:
    $ pkgparam VRTSnetbp VERSION
    VERSION=6.0,REV=2005.09.07.19.13
The 6.0 GA version responds with  VERSION=6.0,REV=2005.09.07.19.13
The 6.0 MP4 CD version responds with  VERSION=6.0,REV=2006.11.09.18.12

3. Symptoms

There are no predictable symptoms to indicate that the described issue has been exploited to gain elevated privileges.

4. Workaround

Sites unable to update immediately to the recommended solution should restrict inbound access to the vnetd listening port (TCP/13724) on all systems, for example with a host-based firewall on each affected system. Refer to the firewall documentation for how to set up the access rules. Normal operations do not require client-to-client communication: allow only master server to media server, media server to media server, and master/media server to client connections.
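One concrete form of this workaround on a Solaris 10 host, as an added example that is not part of this Sun Alert or of Symantec's documentation: a small POSIX shell script that generates IP Filter (ipf) rules admitting TCP/13724 only from the master and media servers the administrator names, and dropping everything else aimed at that port. The rule syntax targets the IP Filter shipped with Solaris 10; the svcadm and ipf reload commands, the logging of blocked connections, the IPF_CONF override and the peer addresses used in the comments are assumptions of the example. Which peers belong on the list follows the advisory and depends on the host's role: a client admits only the master and media servers, a media server admits the master and the other media servers.

```shell
#!/bin/sh
# Added example, not from the Sun Alert: generate Solaris IP Filter rules that
# let only the NetBackup master and media servers reach vnetd (TCP/13724) on
# this host. Peer addresses (e.g. 192.0.2.10) are placeholders chosen by the caller.

VNETD_PORT=13724

# vnetd_ipf_rules ADDR... : print an ipf rule set to stdout. Each ADDR is a
# master or media server that may open TCP/13724 here; everything else is
# dropped and logged. "quick" makes the first matching rule final, so the
# pass rules must precede the block rule.
vnetd_ipf_rules() {
    echo "# vnetd (TCP/$VNETD_PORT): master/media servers only, per Sun Alert 253287 workaround"
    for peer in "$@"; do
        echo "pass in quick proto tcp from $peer to any port = $VNETD_PORT flags S keep state"
    done
    echo "block in log quick proto tcp from any to any port = $VNETD_PORT"
}

# install_vnetd_rules ADDR... : put the rules in front of the existing
# /etc/ipf/ipf.conf (or $IPF_CONF) and load them. Run as root on a Solaris 10
# host with IP Filter; verify the loaded set afterwards with "ipfstat -io".
install_vnetd_rules() {
    conf=${IPF_CONF:-/etc/ipf/ipf.conf}
    tmp=$conf.vnetd.$$
    # Our port-specific rules go first: with "quick", an existing catch-all
    # block rule placed before them would shadow the pass rules.
    {
        vnetd_ipf_rules "$@"
        if [ -f "$conf" ]; then cat "$conf"; fi
    } > "$tmp" || return 1
    mv "$tmp" "$conf" || return 1
    svcadm enable network/ipfilter || return 1
    ipf -Fa -f "$conf"
}

# Only touch the system when explicitly asked, so the file can also be sourced.
# Usage on the host:  sh vnetd_ipf.sh --install 192.0.2.10 192.0.2.11
if [ "${1:-}" = "--install" ]; then
    shift
    install_vnetd_rules "$@"
fi
```

Filtering the port limits which hosts can reach vnetd. Since the Impact section describes an unprivileged local user, a process on the same system can still connect over the loopback interface, which IP Filter does not inspect unless loopback filtering is enabled; treat the rules as a mitigation for remote use of the daemon and still apply the patch.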

As part of normal best practices, Symantec strongly recommends the following:
  • Restrict access to administration or management systems to privileged users.
  • Restrict remote access, if it is required, to trusted/authorized systems only.
  • Run under the principle of least privilege where possible to limit the impact of potential exploits.
  • Keep all operating systems and applications updated with the latest vendor patches.
  • Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
  • Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.
5. Resolution

This issue is addressed in the following releases:

SPARC Platform
  • VERITAS (Symantec) NetBackup 6.0 GA version with patch 136859-01 or later
  • VERITAS (Symantec) NetBackup 6.0 MP4 CD version with patch 136860-01 or later
  • VERITAS (Symantec) NetBackup 6.5 with patch 136863-01 or later
x86 Platform
  • VERITAS (Symantec) NetBackup 6.5 with patch 136864-01 or later
Notes:
Patches 136859-01 and 136860-01 contain identical binaries; they differ only in the version of VRTSnetbp they patch. Only one of them applies to a given NetBackup 6.0 system, selected by the version string:

Patch 136859-01 is applicable to VERITAS NetBackup 6.0 Product for GA, with version string VERSION=6.0,REV=2005.09.07.19.13.

Patch 136860-01 is applicable to VERITAS NetBackup 6.0 MP4 CD with version string VERSION=6.0,REV=2006.11.09.18.12.
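To turn the version check in Note 3 of section 2 and the patch selection in the notes above into a repeatable check, here is an added example script; it is not part of this Sun Alert and is not Sun's or Symantec's tooling. The 6.0 GA and 6.0 MP4 CD version strings are the ones quoted in this alert. That NetBackup 6.5 reports a VERSION beginning with 6.5, that the platform is read from uname -p (sparc or i386), and that installed patches are listed with patchadd -p on a Solaris 10 or earlier host are assumptions of the example; the --check flag and function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the Sun Alert: decide which of patches 136859-01,
# 136860-01, 136863-01 or 136864-01 a NetBackup host needs, from the VRTSnetbp
# VERSION string and the platform, and check whether it is installed.

# select_patch VERSION PLATFORM
#   VERSION  - value of "pkgparam VRTSnetbp VERSION", accepted with or without
#              a leading "VERSION=" (pkgparam prints the bare value unless -v is given)
#   PLATFORM - "sparc" or "i386", as printed by "uname -p" on Solaris
# Prints the patch id on stdout and returns 0; returns 1 with a message on
# stderr when the alert lists no patch for the combination, 2 for unsupported 5.x.
select_patch() {
    ver=${1#VERSION=}
    plat=$2
    case "$ver" in
        6.0,REV=2005.09.07.19.13)       # 6.0 GA (SPARC only; 6.0 is not shipped on x86)
            if [ "$plat" = sparc ]; then echo 136859-01; return 0; fi ;;
        6.0,REV=2006.11.09.18.12)       # 6.0 MP4 CD
            if [ "$plat" = sparc ]; then echo 136860-01; return 0; fi ;;
        6.5,*)                          # assumption: 6.5 reports VERSION=6.5,REV=...
            case "$plat" in
                sparc) echo 136863-01; return 0 ;;
                i386)  echo 136864-01; return 0 ;;
            esac ;;
        5.*)                            # Note 1: 5.x is unsupported, upgrade first
            echo "NetBackup $ver is unsupported: upgrade to 6.0/6.5, then patch" >&2
            return 2 ;;
    esac
    echo "no patch in Sun Alert 253287 for VRTSnetbp $ver on $plat" >&2
    return 1
}

# check_vnetd_patch: run as root on the NetBackup host. Reports the required
# patch and whether any revision of it (-01 or later) is installed.
check_vnetd_patch() {
    ver=$(pkgparam VRTSnetbp VERSION 2>/dev/null) || {
        echo "VRTSnetbp is not installed on this host" >&2
        return 1
    }
    patch=$(select_patch "$ver" "$(uname -p)") || return $?
    base=${patch%-*}                    # 136859-01 -> 136859; any -NN revision counts
    # patchadd -p lists installed patches one per line as "Patch: NNNNNN-RR ..."
    if patchadd -p 2>/dev/null | grep "^Patch: $base-" >/dev/null; then
        echo "vnetd fix present: patch $base installed (alert requires $patch or later)"
    else
        echo "VULNERABLE: VRTSnetbp $ver needs patch $patch or later; not installed"
        return 1
    fi
}

# Run the live check only when asked, so the functions can also be sourced.
# Usage on the host:  sh vnetd_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_vnetd_patch
fi
```

The mapping is deliberately strict: a 6.0 version string on an i386 platform, or an unrecognised REV, produces no patch id and a non-zero exit, rather than guessing, since the alert only lists the four combinations above.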

For more information on Security Sun Alerts, see 1009886.1.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


References

136859-01
136860-01
136863-01
136864-01
