Symantec Security Advisory SYM06-004 - Backup Exec Remote Agents (RAWS, RANW, & RALUS)

Details:

SYM06-004

March 16th, 2006

Multiple Denial of Service (DoS) issues addressed in Application Memory
Backup Exec for Windows Servers Remote Agents:

Backup Exec Remote Agent for Windows Servers (RAWS)
Backup Exec Remote Agent for NetWare Server (RANW)
Backup Exec Remote Agent for Linux / Unix Servers (RALUS)

Revision History

None

Severity

Medium

Overview

During internal reviews of supported Backup Exec products and versions, Symantec identified and fixed multiple memory errors in which a specifically malformed packet could result in a process crash or a denial of service (DoS) preventing ongoing backup capability until the Backup Exec Remote Agent (for Windows, for Netware, or RALUS) service is restarted.

Affected Products

Backup Exec 10d (10.1) for Windows Servers rev. 5629 - All Remote Agents (RAWS, RANW, & RALUS)

Backup Exec 10.0 for Windows Servers rev. 5520 - All Remote Agents (RAWS, RANW, & RALUS)

Backup Exec 10.0 for Windows Servers rev. 5484 - All Remote Agents (RAWS, RANW, & RALUS)

Backup Exec 9.1 for Windows Servers rev. 4691 - Remote Agent for Windows Servers (RAWS)

Note: Product versions prior to those listed above are EOL (End of Life) for hotfix development. Customers running legacy product versions should upgrade to a version listed above and apply the appropriate updates. This issue also affects Backup Exec for Netware Servers. More detail can be found by going to the appropriate document in the Related Documents section at the bottom of this document.

Details

Symantec engineers resolved issues discovered during internal review in which malformed input could potentially cause memory access violations or exhaust system resources. Any of these issues could cause a process crash or DoS and temporary loss of backup capability. In the majority of issues, the Backup Exec RAWS service would need to be stopped and restarted to regain operational capability.

Symantec Response
Security updates are available for all supported affected products. Symantec recommends all customers apply the latest updates for their supported product versions to protect against these types of threats.

Symantec knows of no attempts to exploit or adverse customer impact from this issue.

The Hotfixes listed under RAWS, when applied to the media server, also address the issue described in Symantec Security Advisory SYM06-005, which is referenced in the Related Documents section at the bottom of this document.

RAWS (Remote Agent for Windows Servers)

Backup Exec 10d (10.1) for Windows Servers rev. 5629, Hotfix 24

http://support.veritas.com/docs/282377

Backup Exec 10.0 for Windows Servers rev. 5520, Hotfix 28

http://support.veritas.com/docs/282378

Backup Exec 10.0 for Windows Servers rev. 5484, Hotfix 33

http://support.veritas.com/docs/282259

Backup Exec 9.1 for Windows Servers rev. 4691, Hotfix 56

http://support.veritas.com/docs/282260

RALUS (Remote Agent for Linux & Unix Servers)

Backup Exec 10d (10.1) for Windows Servers rev. 5629, Hotfix 21

http://support.veritas.com/docs/282308

Backup Exec 10.0 for Windows Servers rev. 5520, Hotfix 27

http://support.veritas.com/docs/282312

Backup Exec 10.0 for Windows Servers rev. 5484, Hotfix 34

http://support.veritas.com/docs/282313

Remote Agent for Netware Servers

Backup Exec 10.x for Windows Servers (use the updated RANW 9.1.1158.9)

http://support.veritas.com/docs/282302

For a listing of all Backup Exec for Windows Servers critical Software & Security Alerts go to the Backup Exec for Windows Servers area of the Support site and choose "Software & Security Alerts" or click the following URL:
http://support.veritas.com/menu_ddProduct_BEWNT_view_ALERT.htm

Best Practices
As part of normal best practices, Symantec strongly recommends:

Restrict access to administration or management systems to privileged users.
Restrict remote access, if required, to trusted/authorized systems only.
Run under the principle of least privilege where possible to limit the impact of exploit by threats such as this.
Keep all operating systems and applications updated with the latest vendor patches.
Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities

·
CVE

A CVE candidate number will be requested from The Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once the CVE candidate number has been assigned. This issue is a candidate for inclusion in the CVE list ( http://cve.mitre.org ) which standardizes names for security problems.

Products Applied:
Backup Exec for Windows Servers 10.0, 10d (10.1), 9.0, 9.1

Last Updated: March 22 2006 10:07 PM GMT
Expires on: 365 days from publish date

Subscribe to receive critical updates about this document

Subjects:
Backup Exec for Windows Servers
Publishing Status: Techalert
Remote Agent For Windows Servers: Troubleshoot

Languages:
English (US), French, German, Spanish, Italian, Japanese, Chinese, Korean

Operating Systems:
Windows 2000

Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, Server, Server Windows Powered

Windows XP

Pro 5.1

Windows Server 2003

DataCenter, Enterprise (IA64), Enterprise (x64), Enterprise Server, Standard Server, Standard Server(x64), Storage Server, Web Server

Windows Small Business Server 2003

Premium Edition, Standard Edition

Symantec World Headquarters:
20330 Stevens Creek Blvd. Cupertino, CA 95014
World Wide Web: http://www.symantec.com,
Tech Support Web: http://entsupport.symantec.com,
E-Mail Support: http://seer.entsupport.symantec.com/email_forms,
FTP: ftp://ftp.entsupport.symantec.com or http://ftp.entsupport.symantec.com

THE INFORMATION PROVIDED IN THE SYMANTEC SOFTWARE KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. SYMANTEC SOFTWARE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SYMANTEC SOFTWARE OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,EVEN IF SYMANTEC SOFTWARE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.