Secunia Security Advisory - Some vulnerabilities have been reported in Symantec Veritas NetBackup, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to overwrite arbitrary files or compromise a vulnerable system.
46b310d98627393866d070cd709dc1fa8271ba2a57f7a1ef90ff3530c50418e8
----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Symantec Veritas NetBackup Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32026
VERIFY ADVISORY:
http://secunia.com/advisories/32026/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Manipulation of data, System access
WHERE:
>From remote
SOFTWARE:
VERITAS NetBackup Enterprise Server 6.x
http://secunia.com/advisories/product/5850/
VERITAS NetBackup Enterprise Server 5.x
http://secunia.com/advisories/product/4121/
VERITAS NetBackup Server 5.x
http://secunia.com/advisories/product/4122/
VERITAS NetBackup Server 6.x
http://secunia.com/advisories/product/5851/
DESCRIPTION:
Some vulnerabilities have been reported in Symantec Veritas
NetBackup, which can be exploited by malicious users to bypass
certain security restrictions and by malicious people to overwrite
arbitrary files or compromise a vulnerable system.
1) An unspecified error in the JAVA Administration GUI (jnbSA) can be
exploited to execute restricted commands with escalated privileges.
Successful exploitation requires a valid user account and GUI
access.
2) Multiple vulnerabilities are caused due to an insecure method and
various boundary errors present in the PVATLCalendar.PVCalendar.1
(pvcalendar.ocx) ActiveX control.
For more information:
SA27885
The vulnerabilities are reported in Symantec Veritas NetBackup Server
and Symantec Veritas NetBackup Enterprise Server versions 5.1, 6.0,
and 6.5.
SOLUTION:
Update to a fixed version.
Symantec Veritas NetBackup Server/Enterprise Server 5.1:
Update to version 5.1MP7.
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER30455
Symantec Veritas NetBackup Server/Enterprise Server 6.0:
Update to version 6.0MP7.
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER32168
Symantec Veritas NetBackup Server/Enterprise Server 6.5:
Update to version 6.5.2.
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER31008
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Kyle Noonan of Sun Microsystems.
2) JJ Reyes, Secunia Research
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2008.09.24a.html
http://seer.support.veritas.com/docs/308669.htm
OTHER REFERENCES:
SA27885:
http://secunia.com/advisories/27885/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------