Document ID: 308669
http://support.veritas.com/docs/308669
E-Mail this document to a colleague
http://support.veritas.com/docs/308669
E-Mail this document to a colleague
Symantec Security Advisory SYM08-007: Multiple Vulnerabilities in Scheduler component for NetBackup Server/Enterprise Server on all supported Windows Platforms.
Details:
Credit
Symantec would like to thank JJ Reyes with Secunia Research for reporting these findings and coordinating closely with Symantec as we resolved the issues.
References
The Common Vulnerabilities and Exposures (CVE) initiative has assigned:
Symantec Security Advisory
SYM08-007
24 September, 2008
Multiple Vulnerabilities in Scheduler component for NetBackup Server/Enterprise Server on all supported Windows Platforms.
Revision History
Exploitation code has been found to be publicly available for this issue.
Severity
Medium (highly configuration dependent)
Overview
Vulnerabilities were reported in the NetBackup Server / Enterprise Server Scheduler for the versions indicated below. Exploitation of these issues could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user's browser. However, successful exploitation requires specific conditions.
Affected Products
Note: ONLY the products and versions listed as affected above are vulnerable to these issues. This issue impacts Windows NetBackup Servers only. Remote clients are not affected.
Details
Symantec was alerted to multiple vulnerabilities consisting of stack overflows and unsafe method calls that Secunia Research discovered in an ActiveX control, installed with NetBackup Server/Enterprise Server for Windows as a part of the scheduler component. Although this control is not intended to be called via an external web browser, it failed to properly parse or validate external input. If accessed by an authorized but non-privileged user, this improper validation could potentially result in a browser crash or it could possibly permit unauthorized methods calls allowing access to overwrite or corrupt files. Unauthorized access to the vulnerable control could also result in possible buffer overflows with the potential for malicious code execution in the context of the targeted browser.
The impact of this threat is considerably lessened as it would require authorized user involvement in any attempt to compromise the targeted server. To exploit successfully, an attacker would need to be aware of the exact path to the vulnerable control. An attacker would have to be able to effectively entice a user to upload and execute malicious scripts via HTML email or visit a malicious web site hosting malicious code that could be effectively run against this vulnerable control.
Symantec Response
Symantec product engineers have developed and released solutions for this issue through Symantec's LiveUpdate capability and support channels as indicated.
Symantec recommends all customers apply all updates to protect against threats of this nature.
Symantec knows of no exploitation of or adverse customer impact from these issues.
The patches listed for affected products are available from the following location:
NetBackup Server/Enterprise Server 5.1 MP7:
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER30455
NetBackup Server/Enterprise Server 6.0 MP7:
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER32168
NetBackup Server/Enterprise Server 6.5.2:
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER31008
Mitigation
Symantec has developed IDS signatures to detect and block attempts to exploit these issues.
Best Practices
As part of normal best practices, Symantec strongly recommends a multi-layered approach to security:
SYM08-007
24 September, 2008
Multiple Vulnerabilities in Scheduler component for NetBackup Server/Enterprise Server on all supported Windows Platforms.
Revision History
Exploitation code has been found to be publicly available for this issue.
Severity
Medium (highly configuration dependent)
| - | - |
|---|---|
| Remote Access | Yes |
| Local Access | No |
| Authentication Required | Authenticated user involvement required |
| Exploit publicly available | Yes |
Overview
Vulnerabilities were reported in the NetBackup Server / Enterprise Server Scheduler for the versions indicated below. Exploitation of these issues could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user's browser. However, successful exploitation requires specific conditions.
Affected Products
| Product | Version | Build | Solution |
|---|---|---|---|
| NetBackup Server/Enterprise on Windows Platforms | 5.1 | Prior to 51_MP7 | 5.1 MP7 |
| NetBackup Server/Enterprise on Windows Platforms | 6.0 | Prior to 60_MP7 | 6.0 MP7 |
| NetBackup Server/Enterprise on Windows Platforms | 6.5 | Prior to 6.5.2 | 6.5.2 |
Note: ONLY the products and versions listed as affected above are vulnerable to these issues. This issue impacts Windows NetBackup Servers only. Remote clients are not affected.
Details
Symantec was alerted to multiple vulnerabilities consisting of stack overflows and unsafe method calls that Secunia Research discovered in an ActiveX control, installed with NetBackup Server/Enterprise Server for Windows as a part of the scheduler component. Although this control is not intended to be called via an external web browser, it failed to properly parse or validate external input. If accessed by an authorized but non-privileged user, this improper validation could potentially result in a browser crash or it could possibly permit unauthorized methods calls allowing access to overwrite or corrupt files. Unauthorized access to the vulnerable control could also result in possible buffer overflows with the potential for malicious code execution in the context of the targeted browser.
The impact of this threat is considerably lessened as it would require authorized user involvement in any attempt to compromise the targeted server. To exploit successfully, an attacker would need to be aware of the exact path to the vulnerable control. An attacker would have to be able to effectively entice a user to upload and execute malicious scripts via HTML email or visit a malicious web site hosting malicious code that could be effectively run against this vulnerable control.
Symantec Response
Symantec product engineers have developed and released solutions for this issue through Symantec's LiveUpdate capability and support channels as indicated.
Symantec recommends all customers apply all updates to protect against threats of this nature.
Symantec knows of no exploitation of or adverse customer impact from these issues.
The patches listed for affected products are available from the following location:
NetBackup Server/Enterprise Server 5.1 MP7:
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER30455
NetBackup Server/Enterprise Server 6.0 MP7:
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER32168
NetBackup Server/Enterprise Server 6.5.2:
http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER31008
Mitigation
Symantec has developed IDS signatures to detect and block attempts to exploit these issues.
Best Practices
As part of normal best practices, Symantec strongly recommends a multi-layered approach to security:
• Run under the principle
of least privilege where possible.
• Keep all operating
systems and applications updated with the latest vendor patches.
• Users, at a minimum,
should run both a personal firewall and antivirus application with current
updates to provide multiple points of detection and protection to both inbound
and outbound threats.
• Users should be cautious
of mysterious attachments and executables delivered via email and be cautious of
browsing unknown/untrusted websites or opening unknown/untrusted URL
links.
• Do not open unidentified
attachments or executables from unknown sources or that you didn't request or
were unaware of.
• Always err on the side
of caution. Even if the sender is known, the source address may be
spoofed.
• If in doubt, contact the
sender to confirm they sent it and why before opening the attachment. If still
in doubt, delete the attachment without opening it.
Credit
Symantec would like to thank JJ Reyes with Secunia Research for reporting these findings and coordinating closely with Symantec as we resolved the issues.
References
The Common Vulnerabilities and Exposures (CVE) initiative has assigned:
- CVE-2007-6016 to the
buffer overflow issue
- CVE-2007-6017 to the
unsafe methods issue
These issues are candidates for inclusion in the CVE list
(http://cve.mitre.org/), which standardizes
names for security issues.
SecurityFocus has assigned Bugtraq ID BID 26904 for the buffer overflows and BID 28008 for the unsafe methods for inclusion in the Security Focus vulnerability database.
SecurityFocus has assigned Bugtraq ID BID 26904 for the buffer overflows and BID 28008 for the unsafe methods for inclusion in the Security Focus vulnerability database.
Supplemental Material:
| System: Ref.# | Description |
| ETrack: 1175681 | ETrack (NetBackup) 1175681: SYM08-007 |
Products Applied:
NetBackup Enterprise Server 5.0, 5.0 MP1 (Fixed), 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 5.1 MP5, 5.1 MP6, 5.1 MP7 (Fixed), 6.0, 6.0 MP1, 6.0 MP2, 6.0 MP3, 6.0 MP4, 6.0 MP5, 6.0 MP6, 6.0 MP7 (Fixed), 6.5, 6.5.1, 6.5.2 (Fixed)
NetBackup Server 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 5.1 MP5, 5.1 MP6, 5.1 MP7 (Fixed), 6.0, 6.0 MP1, 6.0 MP2, 6.0 MP3, 6.0 MP4, 6.0 MP5, 6.0 MP6, 6.0 MP7 (Fixed), 6.5, 6.5.1, 6.5.2 (Fixed)
NetBackup Enterprise Server 5.0, 5.0 MP1 (Fixed), 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 5.1 MP5, 5.1 MP6, 5.1 MP7 (Fixed), 6.0, 6.0 MP1, 6.0 MP2, 6.0 MP3, 6.0 MP4, 6.0 MP5, 6.0 MP6, 6.0 MP7 (Fixed), 6.5, 6.5.1, 6.5.2 (Fixed)
NetBackup Server 5.1, 5.1 MP1, 5.1 MP2, 5.1 MP3, 5.1 MP4, 5.1 MP5, 5.1 MP6, 5.1 MP7 (Fixed), 6.0, 6.0 MP1, 6.0 MP2, 6.0 MP3, 6.0 MP4, 6.0 MP5, 6.0 MP6, 6.0 MP7 (Fixed), 6.5, 6.5.1, 6.5.2 (Fixed)
Last Updated: September 24 2008 03:25 PM GMT
Expires on: 09-19-2009
Subscribe to receive critical updates about this document
Expires on: 09-19-2009
Subscribe to receive critical updates about this document
Subjects:
NetBackup Enterprise Server
Publishing Status: Techalert
NetBackup Server
Publishing Status: Techalert
NetBackup Enterprise Server
Publishing Status: Techalert
NetBackup Server
Publishing Status: Techalert
Languages:
English (US)
English (US)
Operating Systems:
Windows 2000
Windows 2000
Advanced Server SP4, Datacenter Server SP4, Server SP4
Windows Server 2003
DataCenter, DataCenter (IA64), DataCenter (x64), DataCenter SP1, DataCenter SP1(IA64), DataCenter SP1(x64), DataCenter SP2, Datacenter SP2(x64), Enterprise (IA64), Enterprise (x64), Enterprise SP1(IA64), Enterprise SP1(x64), Enterprise SP2, Enterprise SP2(x64), Enterprise Server, Enterprise ServerSP1, Standard Server, Standard Server SP1, Standard Server SP1 (x64), Standard Server SP2, Standard Server SP2 (x64), Standard Server(x64), Storage Server, Storage Server SP1, Storage Server SP2, Web Server, Web Server SP1, Web Server SP2
Windows Server 2008
DataCenter (x64-64bit), DataCenter (x86-32bit), Enterprise (x64-64bit), Enterprise (x86-32bit), Standard (x64-64bit), Standard (x86-32bit), Web Server (x64-64bit), Web Server (x86-32bit)
Symantec World Headquarters:
20330 Stevens Creek Blvd. Cupertino, CA 95014
World Wide Web: http://www.symantec.com,
Tech Support Web: http://entsupport.symantec.com,
E-Mail Support: http://seer.entsupport.symantec.com/email_forms,
FTP: ftp://ftp.entsupport.symantec.com or http://ftp.entsupport.symantec.com
20330 Stevens Creek Blvd. Cupertino, CA 95014
World Wide Web: http://www.symantec.com,
Tech Support Web: http://entsupport.symantec.com,
E-Mail Support: http://seer.entsupport.symantec.com/email_forms,
FTP: ftp://ftp.entsupport.symantec.com or http://ftp.entsupport.symantec.com
THE INFORMATION PROVIDED IN THE SYMANTEC SOFTWARE KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. SYMANTEC SOFTWARE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SYMANTEC SOFTWARE OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,EVEN IF SYMANTEC SOFTWARE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.