Security Vulnerabilities in the Sun StorEdge Enterprise Backup Software



Category: Security
Release Phase: Resolved
Product: Sun StorageTek Enterprise Backup Software 7.2, Sun StorageTek Enterprise Backup Software 7.0, Solstice Backup 6.0, Solstice Backup 6.1, Sun StorageTek Enterprise Backup Software 7.1
Bug Id: 6299292, 6299296, 6299285
Date of Workaround Release: 16-AUG-2005
Date of Resolved Release: 01-SEP-2005


Impact

Security vulnerabilities in the Sun StorEdge Enterprise Backup Software may result in one or both of the following issues:

1. A remote unauthorized user may be able to circumvent the authentication procedure in the Sun StorEdge Enterprise Backup Software, and also the database server which forms part of the software, to gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) to the backup server. The remote user may be able to view files backed up by the software from other hosts, regardless of the permissions, and may be able to use the server to run arbitrary commands on other hosts running as backup clients.

In addition, a local unprivileged user may be able to gain elevated privileges on a system running the StorEdge Enterprise Backup Software.

This issue is referenced in the following documents:

2. A remote unauthorized user may be able to access the port mapping configuration of the Sun StorEdge Enterprise Backup server to cause a denial of backup service to the backup server or reconfigure the port mappings to achieve goals such as eavesdropping on network communication.

This issue is referenced in the following documents:


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solstice Backup (SBU) 6.0
  • Solstice Backup (SBU) 6.1
  • Sun StorEdge Enterprise Backup Software (EBS) 7.0
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 without patch 119670-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1L without patch 120649-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 32-bit version without patch 116831-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 64-bit version without patch 116832-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2L without patch 116834-01

x86 Platform

  • Solstice Backup (SBU) 6.0
  • Solstice Backup (SBU) 6.1
  • Sun StorEdge Enterprise Backup Software (EBS) 7.0
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 without patch 119671-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 without patch 116833-01

Symptoms

There are no reliable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 119670-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1L with patch 120649-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 32-bit version with patch 116831-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 64-bit version with patch 116832-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2L with patch 116834-01 or later

x86 Platform

  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 119671-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 with patch 116833-01 or later
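To check a host against the patch list above, the following added example (not part of the original Sun Alert) parses `showrev -p` output and reports whether the patch for a given release is installed at the required revision or later. The release keys such as `sparc-7.2-64`, the function names and the sample data are assumptions made for this example; it needs a POSIX shell and an awk that supports `-v` (on Solaris, for instance, `/usr/xpg4/bin/sh` and `nawk`).

```shell
#!/bin/sh
# Added example: map a release key (hypothetical naming) to the patch this
# Sun Alert requires for it. Patch IDs are taken from the Resolution section.
required_patch() {
    case "$1" in
        sparc-7.1)    echo 119670-01 ;;
        sparc-7.1L)   echo 120649-01 ;;
        sparc-7.2-32) echo 116831-01 ;;
        sparc-7.2-64) echo 116832-01 ;;
        sparc-7.2L)   echo 116834-01 ;;
        x86-7.1)      echo 119671-01 ;;
        x86-7.2)      echo 116833-01 ;;
        *)            return 1 ;;   # 7.0 and earlier have no patch (Note 1)
    esac
}

# Constructed sample of `showrev -p` output; the package name and the
# 999999-05 entry are placeholders, not real data.
sample_showrev() {
    cat <<'EOF'
Patch: 119670-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 116833-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-05 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
EOF
}

# check_release KEY   (reads `showrev -p` output on stdin)
# Returns 0 if patched, 1 if the patch is missing or too old, 2 if KEY is unknown.
check_release() {
    req=$(required_patch "$1") || {
        echo "UNKNOWN: no patch listed for $1 (7.0 and earlier need an upgrade)"
        return 2
    }
    awk -v req="$req" '
        BEGIN { split(req, r, "-") }
        $1 == "Patch:" {
            split($2, p, "-")
            # Track the highest installed revision of the required patch ID.
            if (p[1] == r[1] && (!found || p[2] + 0 > max)) { max = p[2] + 0; found = 1 }
        }
        END {
            if (!found)         { print "VULNERABLE: " req " not installed"; exit 1 }
            if (max < r[2] + 0) { printf "VULNERABLE: %s-%02d older than %s\n", r[1], max, req; exit 1 }
            printf "PATCHED: %s-%02d satisfies %s or later\n", r[1], max, req
        }'
}

# Demonstration on the constructed sample; on a live host use:
#   showrev -p | check_release sparc-7.1
sample_showrev | check_release sparc-7.1
```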

Note 1: Sun StorEdge Enterprise Backup Software (EBS) 7.0 and earlier will require an upgrade to a later release with the associated patches installed to address these issues.

Note 2: The patches mentioned in this Sun Alert are for Solaris SPARC and x86 platform support only. Customers with non-Solaris UNIX platforms can go to the following location for the resolution to these issues:




Modification History


Change History

Date: 17-AUG-2005
  • Updated Contributing Factors and Resolution sections

Date: 18-AUG-2005
  • Added notes to the Relief/Workaround and Resolution sections

Date: 01-SEP-2005
  • State: Resolved
  • Updated Contributing Factors and Resolution sections



Attachments
This solution has no attachment

Article Details
Article ID : 200524
Article Type : Sun Alert
Last reviewed : 2005-09-01
Audience : PUBLIC