Security Vulnerability in Symantec/VERITAS NetBackup |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | VERITAS NetBackup 6.0
VERITAS NetBackup 5.1
VERITAS NetBackup 4.5
VERITAS NetBackup 3.4
VERITAS NetBackup 5.0
|
| Bug Id : | 6339204
|
| Date of Resolved Release : | 28-NOV-2005
|
A Security vulnerability affecting Java GUI applications "jnbSA" and "jbpSA" within Symantec/VERITAS NetBackup may allow a remote unprivileged user the ability to execute arbitrary code with elevated privileges on a targeted system.
This issue is also described in VERITAS support document 279085:
Contributing Factors
This issue can occur in the following releases:
- VERITAS NetBackup 3.4
- VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Maintenance Pack track without patch 119004-01
- VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Feature Pack track without patch 119005-01
- VERITAS NetBackup Enterprise Server and NetBackup Server 5.0 without patch 119006-01
- VERITAS NetBackup Enterprise Server and NetBackup Server 5.1 without patch 119007-01
- VERITAS NetBackup Enterprise Server and NetBackup Server 6.0 without patch 119008-01
Windows platforms running 4.5 GA, 4.5 Maintenance Pack track, or Windows platforms running 64-bit Windows (either Maintenance Pack or Feature Pack), are not affected by this issue.
Windows platforms with NetBackup 5.0 running 64-bit Windows are also not affected.
Symptoms
There are no reliable symptoms that would indicate the described issue has been exploited.
Workaround
Refer to the following VERITAS support document for instructions on how to work around the described issue:
Resolution
This issue is addressed in the following releases:
- VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Maintenance Pack track with patch 119004-01 or later
- VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5 Feature Pack track with patch 119005-01 or later
- VERITAS NetBackup Enterprise Server and NetBackup Server 5.0 with patch 119006-01 or later
- VERITAS NetBackup Enterprise Server and NetBackup Server 5.1 with patch 119007-01 or later
- VERITAS NetBackup Enterprise Server and NetBackup Server 6.0 with patch 119008-01 or later
Notes:
1. NetBackup 3.4 will require an upgrade to a later supported version with the appropriate patches to resolve this issue. It is recommended to implement the workaround described above until the software is upgraded.
2. The patches mentioned in this Sun Alert are for Solaris SPARC and x86 platform support only. Customers with non-Solaris UNIX platforms and other NetBackup supported platforms can go to the following location for the resolution to this issue:
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
