Document ID: 282274
http://support.veritas.com/docs/282274
E-Mail this document to a colleague
http://support.veritas.com/docs/282274
E-Mail this document to a colleague
Symantec Security Advisory SYM06-004: Veritas NetBackup (tm) for NetWare Media Server Options: Application Memory Denial of Service
Details:
Symantec Security
Advisory
SYM06-004
27 March 2006
Veritas NetBackup (tm) for NetWare Media Server Options: Application Memory Denial of Service
Revision History
3/27/2006 - Updated advisory to include NetBackup for NetWare Media Servers Option versions as affected with solution download locations
Severity
Medium
Overview
During internal reviews of supported Veritas NetBackup for NetWare Media Server Options products and versions, Symantec identified and fixed memory errors that could result in a process crash or a denial of service (DoS) preventing ongoing backup capability until backup services are restarted.
Supported Product(s) and Agent Affected
NOTE: ONLY the products and versions listed above are known to be affected by these issues.
Product versions prior to those listed above are NOT supported. Customers running any of the affected product versions, listed above, should upgrade and apply updates.
Details
Symantec engineers resolved issues discovered during internal review in which malformed input could potentially cause memory access violations or exhaust system resources. Any of these issues could cause a process crash or DoS and temporary loss of backup capability. In the majority of issues, the affected service would need to be restarted to regain operational capability.
Symantec Response
Security updates are available for all supported affected products. Symantec recommends all customers apply the latest updates for their supported product versions to protect against these types of threats.
Symantec knows of no adverse customer impact from this issue.
The Maintenance Packs listed above for affected Veritas NetBackup for NetWare Media Server Options are available in the Related Documents section below, or from the Support Web site:
NetBackup Enterprise Server/Server 5.0, 5.1 and 6.0: http://support.veritas.com/menu_ddProduct_NBUESVR_view_DOWNLOAD.htm
NetBackup DataCenter/BusinesServer 4.5: http://www.support.veritas.com/menu_ddProduct_NETBACKUPDC_view_DOWNLOAD.htm
Best Practices
SYM06-004
27 March 2006
Veritas NetBackup (tm) for NetWare Media Server Options: Application Memory Denial of Service
Revision History
3/27/2006 - Updated advisory to include NetBackup for NetWare Media Servers Option versions as affected with solution download locations
Severity
Medium
| Type of Exploit | Vulnerable |
|---|---|
| Remote Access | Yes |
| Local Access | No |
| Authentication Required | No |
| Exploit publicly available | No |
Overview
During internal reviews of supported Veritas NetBackup for NetWare Media Server Options products and versions, Symantec identified and fixed memory errors that could result in a process crash or a denial of service (DoS) preventing ongoing backup capability until backup services are restarted.
Supported Product(s) and Agent Affected
| Product | Version | Solution(s) |
|---|---|---|
| NetBackup for Netware Media Server Option | 4.5MP | NB_NMS_45_9S2_M |
| NetBackup for Netware Media Server Option | 4.5FP | NB_NMS_45_9S2_F |
| NetBackup for Netware Media Server Option | 5.0 | NB_NMS_50_6S01_M |
| NetBackup for Netware Media Server Option | 5.1 | NB_NMS_51_4S01_M |
| NetBackup for Netware Media Server Option | 6.0 | NB_NMS_60_2_M |
NOTE: ONLY the products and versions listed above are known to be affected by these issues.
Product versions prior to those listed above are NOT supported. Customers running any of the affected product versions, listed above, should upgrade and apply updates.
Details
Symantec engineers resolved issues discovered during internal review in which malformed input could potentially cause memory access violations or exhaust system resources. Any of these issues could cause a process crash or DoS and temporary loss of backup capability. In the majority of issues, the affected service would need to be restarted to regain operational capability.
Symantec Response
Security updates are available for all supported affected products. Symantec recommends all customers apply the latest updates for their supported product versions to protect against these types of threats.
Symantec knows of no adverse customer impact from this issue.
The Maintenance Packs listed above for affected Veritas NetBackup for NetWare Media Server Options are available in the Related Documents section below, or from the Support Web site:
NetBackup Enterprise Server/Server 5.0, 5.1 and 6.0: http://support.veritas.com/menu_ddProduct_NBUESVR_view_DOWNLOAD.htm
NetBackup DataCenter/BusinesServer 4.5: http://www.support.veritas.com/menu_ddProduct_NETBACKUPDC_view_DOWNLOAD.htm
Best Practices
- As part of normal best practices, Symantec recommends:
- Restrict access to administration or management systems to privileged users.
- Restrict remote access, if required, to trusted/authorized systems only.
- Run under the principle of least privilege where possible to limit the impact of exploit by threats such as this.
- Keep all operating systems and applications updated with the latest vendor patches.
- Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
- Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities
CVE
A CVE candidate number will be requested from The Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once the CVE candidate number has been assigned. This issue is a candidate for inclusion in the CVE list which standardizes names for security problems. http://cve.mitre.org/
A CVE candidate number will be requested from The Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once the CVE candidate number has been assigned. This issue is a candidate for inclusion in the CVE list which standardizes names for security problems. http://cve.mitre.org/
Related Documents:
http://support.veritas.com/docs/282409
http://support.veritas.com/docs/282427
http://support.veritas.com/docs/282428
http://support.veritas.com/docs/282429
http://support.veritas.com/docs/282430
http://support.veritas.com/docs/282409
http://support.veritas.com/docs/282427
http://support.veritas.com/docs/282428
http://support.veritas.com/docs/282429
http://support.veritas.com/docs/282430
Products Applied:
NetBackup BusinesServer 4.5, 4.5 (FP3), 4.5 (FP4), 4.5 (FP5), 4.5 (FP6), 4.5 (FP7), 4.5 (FP8), 4.5 (FP9), 4.5 (MP1), 4.5 (MP2), 4.5 (MP3), 4.5 (MP4), 4.5 (MP5), 4.5 (MP6), 4.5 (MP7), 4.5 (MP8), 4.5 (MP9)
NetBackup DataCenter 4.5, 4.5 (FP3), 4.5 (FP4), 4.5 (FP5), 4.5 (FP6), 4.5 (FP7), 4.5 (FP8), 4.5 (FP9), 4.5 (MP1), 4.5 (MP2), 4.5 (MP3), 4.5 (MP4), 4.5 (MP5), 4.5 (MP6), 4.5 (MP7), 4.5 (MP8), 4.5 (MP9)
NetBackup Enterprise Server 5.0, 5.0 MP1, 5.0 MP2, 5.0 MP3, 5.0 MP4, 5.0 MP5, 5.0 MP6, 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 6.0, 6.0 MP1, 6.0 MP2 (Fixed)
NetBackup Server 5.0, 5.0 MP1, 5.0 MP2, 5.0 MP3, 5.0 MP4, 5.0 MP5, 5.0 MP6, 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 6.0, 6.0 MP1, 6.0 MP2 (Fixed)
NetBackup BusinesServer 4.5, 4.5 (FP3), 4.5 (FP4), 4.5 (FP5), 4.5 (FP6), 4.5 (FP7), 4.5 (FP8), 4.5 (FP9), 4.5 (MP1), 4.5 (MP2), 4.5 (MP3), 4.5 (MP4), 4.5 (MP5), 4.5 (MP6), 4.5 (MP7), 4.5 (MP8), 4.5 (MP9)
NetBackup DataCenter 4.5, 4.5 (FP3), 4.5 (FP4), 4.5 (FP5), 4.5 (FP6), 4.5 (FP7), 4.5 (FP8), 4.5 (FP9), 4.5 (MP1), 4.5 (MP2), 4.5 (MP3), 4.5 (MP4), 4.5 (MP5), 4.5 (MP6), 4.5 (MP7), 4.5 (MP8), 4.5 (MP9)
NetBackup Enterprise Server 5.0, 5.0 MP1, 5.0 MP2, 5.0 MP3, 5.0 MP4, 5.0 MP5, 5.0 MP6, 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 6.0, 6.0 MP1, 6.0 MP2 (Fixed)
NetBackup Server 5.0, 5.0 MP1, 5.0 MP2, 5.0 MP3, 5.0 MP4, 5.0 MP5, 5.0 MP6, 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 6.0, 6.0 MP1, 6.0 MP2 (Fixed)
Last Updated: March 27 2006 05:47 PM GMT
Expires on: 03-27-2007
Subscribe to receive critical updates about this document
Expires on: 03-27-2007
Subscribe to receive critical updates about this document
Subjects:
NetBackup BusinesServer
Application: Informational
Publishing Status: Techalert
NetBackup DataCenter
Application: Informational
Publishing Status: Techalert
NetBackup Enterprise Server
Application: Informational
Publishing Status: Techalert
NetBackup Server
Application: Informational
Publishing Status: Techalert
NetBackup BusinesServer
Application: Informational
Publishing Status: Techalert
NetBackup DataCenter
Application: Informational
Publishing Status: Techalert
NetBackup Enterprise Server
Application: Informational
Publishing Status: Techalert
NetBackup Server
Application: Informational
Publishing Status: Techalert
Languages:
English (US)
English (US)
Operating Systems:
NetWare
NetWare
5.1, 6.0, 6.5
Symantec World Headquarters:
20330 Stevens Creek Blvd. Cupertino, CA 95014
World Wide Web: http://www.symantec.com,
Tech Support Web: http://entsupport.symantec.com,
E-Mail Support: http://seer.entsupport.symantec.com/email_forms,
FTP: ftp://ftp.entsupport.symantec.com or http://ftp.entsupport.symantec.com
20330 Stevens Creek Blvd. Cupertino, CA 95014
World Wide Web: http://www.symantec.com,
Tech Support Web: http://entsupport.symantec.com,
E-Mail Support: http://seer.entsupport.symantec.com/email_forms,
FTP: ftp://ftp.entsupport.symantec.com or http://ftp.entsupport.symantec.com
THE INFORMATION PROVIDED IN THE SYMANTEC SOFTWARE KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. SYMANTEC SOFTWARE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SYMANTEC SOFTWARE OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,EVEN IF SYMANTEC SOFTWARE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.