Security Vulnerabilities in Sun StorEdge Enterprise Backup Software (EBS)

Category: Security
Release Phase: Resolved
Product:
- Sun StorageTek Enterprise Backup Software 7.2
- Sun StorageTek Enterprise Backup Software 7.0
- Solstice Backup 6.0
- Solstice Backup 6.1
- Sun StorageTek Enterprise Backup Software 7.1
Bug Id: 6371520
Date of Workaround Release: 25-JAN-2006
Date of Resolved Release: 30-JAN-2006

Impact
There are three vulnerabilities in Sun StorEdge Enterprise Backup Software (EBS), which affect both the client and server applications. Two of the vulnerabilities could permit a local or remote unauthorized user to gain access to a host system and execute arbitrary code. One may allow a local or remote unauthenticated user to cause a system crash on the server, which would lead to a Denial of Service (DoS) condition.
Note: To date there are no reported incidences of this issue having occurred in a "live" (public) environment.
These issues are referenced in the following iDEFENSE (http://www.idefense.com) documents:
IDEF1237 "...Networker nsrd.exe DoS Vulnerability" at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375
IDEF1238 "...Networker nsrexecd.exe Heap Overflow Vulnerability" at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374
IDEF1239 "...Networker nsrd.exe Heap Overflow Vulnerability" at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373
and also
CAN-2005-3658 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3658
CAN-2005-3659 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3659
Contributing Factors
These issues can occur in the following releases:
SPARC Platform
- Solstice Backup (SBU) 6.0
- Solstice Backup (SBU) 6.1
- Sun StorEdge Enterprise Backup Software (EBS) 7.1 without patch 116826-06
- Sun StorEdge Enterprise Backup Software (EBS) 7.1L without patch 116828-04
- Sun StorEdge Enterprise Backup Software (EBS) 7.2 (32 bit) without patch 120650-01
- Sun StorEdge Enterprise Backup Software (EBS) 7.2 (64 bit) without patch 120651-01
- Sun StorEdge Enterprise Backup Software (EBS) 7.2L without patch 120653-01
x86 Platform
- Solstice Backup (SBU) 6.0
- Solstice Backup (SBU) 6.1
- Sun StorEdge Enterprise Backup Software (EBS) 7.1 without patch 116827-07
- Sun StorEdge Enterprise Backup Software (EBS) 7.2 without patch 120652-01
Note: These issues are known to affect all Sun StorEdge Enterprise Backup Software (EBS) versions prior to 7.3 release.
To determine if Solstice Backup (SBU) is installed on a system, the following command can be run:
$ pkginfo | grep SUNWsbu
To determine the version of Solstice Backup (SBU) on a system, the following command can be run:
$ pkginfo -l SUNWsbuX
(where 'X' is one of the last characters of the EBS package names found from the above pkginfo(1) command).
To determine if Sun StorEdge EBS is installed on a system, the following command can be run:
$ pkginfo | grep SUNWebs
To determine the version of Sun StorEdge EBS on a system, the following command can be run:
$ pkginfo -l SUNWebsX
(where 'X' is one of the last characters of the EBS package names found from the above pkginfo(1) command).
Symptoms
There are no reliable symptoms that would indicate the described issues have been exploited.
Workaround
There is no workaround to these issues. Please see the Resolution section below.
Resolution
These issues are addressed in the following releases:
SPARC Platform
- Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 116826-06 or later
- Sun StorEdge Enterprise Backup Software (EBS) 7.1L with patch 116828-04 or later
- Sun StorEdge Enterprise Backup Software (EBS) 7.2 (32 bit) with patch 120650-01 or later
- Sun StorEdge Enterprise Backup Software (EBS) 7.2 (64 bit) with patch 120651-01 or later
- Sun StorEdge Enterprise Backup Software (EBS) 7.2L with patch 120653-01 or later
- Sun StorEdge Enterprise Backup Software (EBS) 7.3
x86 Platform
- Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 116827-07 or later
- Sun StorEdge Enterprise Backup Software (EBS) 7.2 with patch 120652-01 or later
- Sun StorEdge Enterprise Backup Software (EBS) 7.3
Notes:
- Sun StorEdge Enterprise Backup Software (EBS) 7.0 and earlier will require an upgrade to a later release with the associated patches installed to address these issues.
- The patches mentioned in this Sun Alert are for Solaris SPARC and Solaris x86/x64 platform support only. Non-Solaris UNIX platforms and other Sun StorEdge Enterprise Backup Software (EBS) supported platforms can go to the following location for the resolution to this issue:
http://www.legato.com/support/websupport/patches_updates/networker.htm
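To check a Solaris host against the patch revisions listed above, the following added example (not part of the original Sun Alert) reads a patch listing on stdin and reports, for each fix patch, whether an equal or later revision is installed. The use of `showrev -p` output as input, the function names and the sample listing are assumptions introduced here; the sample lines are constructed.

```sh
#!/bin/sh
# Added example (not from the Sun Alert): audit a patch listing against the
# fix revisions named in the Resolution section.
# Input on stdin: `showrev -p` style lines, "Patch: <base>-<rev> ...".
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).

ebs_patch_audit() {
    awk '
    BEGIN {
        # Minimum fixed revisions, copied from the Resolution section.
        # SPARC: 7.1, 7.1L, 7.2 (32 bit), 7.2 (64 bit), 7.2L
        list = "116826-06 116828-04 120650-01 120651-01 120653-01"
        # x86: 7.1, 7.2
        list = list " 116827-07 120652-01"
        nfix = split(list, fix, " ")
    }
    $1 == "Patch:" {
        # Same base number means same patch; keep the highest revision seen.
        split($2, p, "-")
        if (!(p[1] in have) || p[2] + 0 > have[p[1]]) have[p[1]] = p[2] + 0
    }
    END {
        # One line per fix patch: <required id> <status> <installed revision>
        for (i = 1; i <= nfix; i++) {
            split(fix[i], n, "-")
            if (!(n[1] in have))             print fix[i], "missing", "-"
            else if (have[n[1]] >= n[2] + 0) printf "%s fixed %02d\n", fix[i], have[n[1]]
            else                             printf "%s outdated %02d\n", fix[i], have[n[1]]
        }
    }'
}

# Constructed sample input: an EBS 7.1 SPARC host one revision short of the
# fix. Package names are placeholders, not real package listings.
sample_listing() {
    cat <<'EOF'
Patch: 116826-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWebsX
Patch: 116826-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWebsX
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
EOF
}

# Stand-alone demo; on a real host: showrev -p | ebs_patch_audit
sample_listing | ebs_patch_audit
```

A `missing` result only means no revision of that patch is installed, which is expected for EBS releases not present on the host, so read it together with the pkginfo(1) output described under Contributing Factors. Releases 7.0 and earlier have no fix patch and 7.3 needs none, so neither is decided by this check.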
Modification History
Date: 30-JAN-2006
30-Jan-2006:
- Updated Contributing Factors and Resolution sections, re-release Resolved
Attachments
This solution has no attachment