Symantec Security Advisory SYM06-004 - Backup Exec for NetWare Servers
Details:
SYM06-004
March 16th, 2006
Backup Exec: multiple Denial of Service (DoS) issues addressed in Application Memory
Revision History
None
Severity
Medium
Overview
During internal reviews of supported Backup Exec products and versions, Symantec identified and fixed multiple memory errors in which a specifically malformed packet could result in a process crash or a denial of service (DoS) preventing ongoing backup capability until the Backup Exec Remote Agent (for Windows, for NetWare, or RALUS) service is restarted.
Affected Products
The Backup Exec for NetWare Servers media servers and Remote Agents for NetWare, Windows, and Linux/Unix are affected. Each of these components in a Backup Exec for NetWare Servers installation needs to be updated.
Backup Exec 9.2 for NetWare Servers - All Agents (NetWare, Windows, & Linux/Unix)
Backup Exec 9.1 for NetWare Servers - All Agents (NetWare, Windows, & Linux/Unix)
Note: Backup Exec 9.0 for NetWare Servers is EOL (End of Life) for hotfix development. Customers with this product version should upgrade to a version listed above. Versions of Backup Exec for NetWare prior to version 9.0 are not affected.
Details
Symantec engineers resolved issues discovered during internal review in which malformed input could potentially cause memory access violations or exhaust system resources. Any of these issues could cause a process crash or DoS and temporary loss of backup capability. In the majority of issues, the Backup Exec RAWS service would need to be stopped and restarted to regain operational capability.
Symantec Response
Security updates are available for all supported affected products. Symantec recommends all customers apply the latest updates for their supported product versions to protect against these types of threats.
Symantec knows of no attempts to exploit this issue and of no adverse customer impact from it.
The Backup Exec for NetWare Servers media server, the Remote Agent for NetWare Servers, and the Remote Agent for Windows Servers can be updated using the following links.
Please select the downloads that match your currently installed version of Backup Exec for NetWare Servers:
Backup Exec 9.2 for NetWare Servers:
Backup Exec 9.2.1401.3 for NetWare Servers
The Remote Agent for Linux & Unix Servers (RALUS) must also be updated with the following hotfix:
10.1.5629 - Hotfix 21 - Remote Agent for Linux/Unix Servers (RALUS) update
Backup Exec 9.1 for NetWare Servers:
Backup Exec 9.1.1158.9 for NetWare Servers
Backup Exec 9.1.1158.9 Remote Agent for NetWare Servers
Best Practices
As part of normal best practices, Symantec strongly recommends:
- Restrict access to administration or management systems to privileged users.
- Restrict remote access, if required, to trusted/authorized systems only.
- Run under the principle of least privilege where possible to limit the impact of exploitation by threats such as this.
- Keep all operating systems and applications updated with the latest vendor patches.
- Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
- Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.
CVE
A CVE candidate number will be requested from The Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once the CVE candidate number has been assigned. This issue is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
For a listing of all Backup Exec for NetWare Servers critical Software & Security Alerts, go to the Backup Exec for NetWare Servers area of http://support.veritas.com and choose "Software & Security Alerts."
Products Applied: Backup Exec for NetWare 9.0, 9.1, 9.2
Subjects: Backup Exec for NetWare
Application: Agent Support
Publishing Status: Techalert
Languages: English (US), French, German
Operating Systems:
NetWare: 4.2, 5.1, 6.0, 6.5
Windows 2000: Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, Server, Server Windows Powered
Solaris: 8.0 (32-bit), 8.0 (64-bit), 9.0, 9.0 (32-bit), 9.0 (64-bit)
Linux: RHAS 2.1, RHEL 3.0 (AS, ES, WS), SLES 9, SuSE 9.0
Windows XP: Pro 5.1
Windows Server 2003: DataCenter, Enterprise (IA64), Enterprise (x64), Enterprise Server, Standard Server, Standard Server (x64), Storage Server SP1, Web Server
Windows Small Business Server 2003: Premium Edition, Standard Edition
VMware ESX: 2.5