Document ID: 278431
http://support.veritas.com/docs/278431

VERITAS Backup Exec for NetWare Servers Security Advisory: Unauthorized downloading of arbitrary files

Details:
This issue affects the following versions of Backup Exec for NetWare Servers along with the respective Remote Agent for NetWare Servers (RANW) and Remote Agent for Windows Servers (RAWS):


What is affected?
Backup Exec 9.0 and 9.1 for NetWare Servers is susceptible to a vulnerability that may allow an unauthorized remote attacker to download arbitrary files. A Metasploit Framework exploit is available and there are reports of this vulnerability currently being exploited in the wild. Backup Exec media servers as well as machines using the Remote Agent for NetWare (RANW) or Remote Agent for Windows Servers (RAWS) are susceptible to this vulnerability.
Note: The risk for this issue can be substantially mitigated if port 10000 is not available outside of the perimeter network.
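
One way to check the mitigation in the note above against firewall or flow logs, as an added example that is not part of the original advisory: the script flags TCP connections to port 10000 whose source lies outside the perimeter network. The log format, the perimeter ranges and the sample lines are constructed assumptions; adapt them to your own firewall's export.

```python
import ipaddress
import re

# Assumption: address ranges that make up the perimeter (internal) network.
PERIMETER_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
AGENT_PORT = 10000  # port named in the advisory's mitigation note

# Constructed log format: "<time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample input (documentation address ranges stand in for outside hosts).
SAMPLE_LOG = """\
2005-08-12T22:14:03Z ALLOW TCP 10.1.4.20:41822 -> 10.1.2.5:10000
2005-08-12T22:15:47Z ALLOW TCP 203.0.113.77:50312 -> 10.1.2.5:10000
2005-08-12T22:15:49Z DENY TCP 198.51.100.9:33901 -> 10.1.2.6:10000
2005-08-12T22:16:10Z ALLOW TCP 203.0.113.77:50313 -> 10.1.2.5:443
malformed line that the parser should skip
"""

def is_internal(addr):
    """True if addr falls inside one of the perimeter networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on an invalid address
    return any(ip in net for net in PERIMETER_NETS)

def external_agent_connections(log_text):
    """Return (exposed, blocked): port-10000 connections from outside the perimeter."""
    exposed, blocked = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != AGENT_PORT:
            continue  # unparseable line or unrelated port
        try:
            if is_internal(m["src"]):
                continue  # traffic from inside the perimeter is expected
        except ValueError:
            continue  # source field is not a valid IPv4 address
        record = (m["ts"], m["src"], m["dst"])
        # ALLOW means the port was reachable from outside; DENY means the filter held.
        (exposed if m["action"] == "ALLOW" else blocked).append(record)
    return exposed, blocked

if __name__ == "__main__":
    exposed, blocked = external_agent_connections(SAMPLE_LOG)
    for ts, src, dst in exposed:
        print(f"EXPOSED  {ts} {src} -> {dst}:{AGENT_PORT}")
    for ts, src, dst in blocked:
        print(f"blocked  {ts} {src} -> {dst}:{AGENT_PORT}")
```

Any entry in the exposed list means port 10000 was reachable from outside the perimeter and the filtering rule needs correcting.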

Formal Resolution:
The issue has been resolved in:
Backup Exec 9.1.1158.3 for NetWare Servers
English Only Installation File:
English/French/German Installation file:
Note: Those with Backup Exec 9.0 for NetWare Servers will need to either upgrade to version 9.1 or higher, or rely on the workarounds provided in this article.

Workaround Information:
To prevent this issue until a fix can be obtained, perform any of the following:


Symantec strongly recommends the following best practices:

1. Check back with this TechNote frequently as any changes to and fixes for this issue will be reflected here. This document will be updated as more information and the resolution become available. It may be necessary to refresh the Web browser interface during subsequent visits to the web page to view the latest version and information.
2. Always perform a Full backup prior to and after any changes to your environment.
3. Always make sure that your environment is running the latest version and patch level.

If you have any questions or concerns about this issue, please contact Symantec Technical Support.





Products Applied:
 Backup Exec for NetWare 9.0, 9.1

Last Updated: August 13 2005 04:56 AM GMT
Expires on: 365 days from publish date

Subjects:
 Backup Exec for NetWare
   Application: Agent Support, Configuration, Security
   Publishing Status: Techalert
   Remote Agent: Troubleshoot
   Remote Agent For Windows Servers: Troubleshoot

Languages:
 English (US), French, German

Operating Systems:
 NetWare 4.2, 5.0, 5.1, 6.0, 6.5