Special Feature Pack NB_45_9S1443_F.alpha.tar provides security-related fixes for the Java Authentication Service on VERITAS NetBackup (tm) DataCenter / BusinesServer 4.5FP Tru64 servers.

Article:TECH44302  |  Created: 2005-01-11  |  Updated: 2013-10-23  |  Article URL http://www.symantec.com/docs/TECH44302
Article Type
Technical Solution

Product(s)

Environment

Issue



Special Feature Pack NB_45_9S1443_F.alpha.tar provides security-related fixes for the Java Authentication Service on VERITAS NetBackup (tm) DataCenter / BusinesServer 4.5FP Tru64 servers.

Solution



 NB 4.5FP_6 Pack NB_45_9S1443_F README                           October 12, 2005
Corequirement: NB_CLT_45_9S1443_F
================================================================================
** THIS FEATURE PACK IS A NON-CUMULATIVE PACK THAT MUST BE INSTALLED OVER
THE NETBACKUP 4.5FP6 PACK NB_45_9_F FEATURE PACK.  ANY ATTEMPT TO INSTALL
THIS PACK OVER AN EARLIER VERSION OF NETBACKUP 4.5 WILL RESULT IN A FAILED  
INSTALL. **

(Please refer to the PACK DEPENDENCIES and the RELATED DOCUMENTS sections of
this Readme for additional information that applies to this pack.)

Symantec recommends that the backing up of active file systems be avoided,  
or the use of snapshot technologies be implemented. The directory structure  
reported back from the file system (to NetBackup) may not contain all of the  
files available during the time of backup. NetBackup will not report errors  
in many cases where the file's existence is not known to NetBackup as reported  
by the file system.

================================================================================



=================
PACK DEPENDENCIES
=================

    -- 4.5FP6 PACK NB_45_9_F must be installed prior to installing this  
       Feature Pack.

    -- Installation of this Feature Pack requires version 1.8.2.25 of the
       Vrts_pack.install script.

    -- For the latest robotics support please also download and install the  
       latest Mappings_4.5.<6 digit number>.tar from the Support Web site:
       www.support.veritas.com.


I.   DOWNLOAD INSTRUCTIONS
II.  INSTALLATION INSTRUCTIONS
III. UNINSTALL INSTRUCTIONS
IV.  DESCRIPTION OF PROBLEMS FIXED
    Current Pack


=========================
I. DOWNLOAD INSTRUCTIONS
=========================
1) Download the NB_CLT_45_9S1443_F_<6 digit number>.tar and
  NB_45_9S1443_F_<6 digit number>.<server>.tar files into the  
  /tmp directory,

  where <6 digit number> is an internal tracking identifier

  where <server> is alpha, hp_ux, linux, ncr, rs6000, sequent4.2, sgi, solaris  
                     
    NOTE: NB_CLT_45_9S1443_F_<6 digit number>.tar has the client binaries and
    NB_45_9S1443_F_<6 digit number>.<server>.tar has the server binaries and BOTH
    must be installed.

2) Extract the NB_CLT_45_9S1443_F_<6 digit number>.tar and the  
  NB_45_9S1443_F_<6 digit number>.<server>.tar files.
       tar xvf NB_CLT_45_9S1443_F_<6 digit number>.tar
       tar xvf NB_45_9S1443_F_<6 digit number>.<server>.tar

       NB_45_9S1443_F will create the files:
       VrtsNB_45_9S1443_F.README
       VrtsNB_45_9S1443_F.<server>.tar.Z
       VrtsNB_45_9S1443_F.postuninstall
       VrtsNB_45_9S1443_F.postinstall  
       VrtsNB_45_9S1443_F.preinstall  
       Vrts_pack.install

       NB_CLT_45_9S1443_F will create the files:
       VrtsNB_CLT_45_9S1443_F.README
       VrtsNB_CLT_45_9S1443_F.tar.Z
       VrtsNB_CLT_45_9S1443_F.postuninstall
       VrtsNB_CLT_45_9S1443_F.postinstall  
       VrtsNB_CLT_45_9S1443_F.preinstall        


==============================
II. INSTALLATION INSTRUCTIONS
==============================
As root on the NetBackup Master/Media Server:

1) Install NB_45_9S1443_F and NB_CLT_45_9S1443_F Feature Pack binaries.

       cd /tmp
       /bin/sh Vrts_pack.install

2) Restart daemons.

       /usr/openv/netbackup/bin/initbprd
       /usr/openv/volmgr/bin/ltid -v

3) Update the NetBackup clients, including the NetBackup master and media
  servers, with the update_clients script.

       /usr/openv/netbackup/bin/update_clients <hardware> <os>

       where <hardware> <os> is one of the following:
           ALPHA OSF1_V4
           ALPHA OSF1_V5
           DataGeneral UNIX
           HP9000-700 HP-UX11.00
           HP9000-800 HP-UX11.00
           INTEL  FreeBSD
           Linux  RedHat2.2
           Linux  RedHat2.4
           MACINTOSH MacOSXS1.2
           MACINTOSH MacOSX
           NCR UNIX
           RS6000 AIX4.3.3
           RS6000 AIX5
           SCO UnixWare
           Sequent DYNIX420
           SGI IRIX65
           Solaris Solaris2.6
           Solaris Solaris7
           Solaris Solaris8
           Solaris Solaris9
           Solaris Solaris_x86_2.6
           Solaris Solaris_x86_7
           Solaris Solaris_x86_8

      Remember to include the master server's <hardware> <os> type.

      Note: The /usr/openv/netbackup/bin/update_clients command without
            any parameters will update all the UNIX clients.
             
      Note: When updating an RS6000 client, there may be circumstances
            where update_clients will fail with an error similar to
            this:

            Couldn't open /usr/openv/lib/libVmangle.so on client  
            Client open errno = 26

            If this happens, execute /usr/sbin/slibclean on the client
            to be updated and re-run update_clients.

If the client (CLT) .Z file and README exist in the installation  
directory during the installation of the server Feature Pack, the  
Vrts_pack.install script will install the client Feature Pack automatically.  
The client Feature Pack will NOT be installed automatically during a  
reinstall of the server Feature Pack.  

Additional Notes:

If non-root administrators use the GUI only, the nonroot_admin
script no longer needs to be run.  If the non-root administrators
use the command line or bpadm, the group and file permissions
will have to be changed manually on the NetBackup binaries.  
Users can write their own script.  The script is being phased
out because there is a slight security risk that non-root users
may be able to execute NetBackup commands only because those users
are part of a group that is allowed to execute NetBackup commands.


============================
III. UNINSTALL INSTRUCTIONS
============================
Note:  This will ONLY uninstall the Feature Pack from your local machine.

   1) Close the NetBackup user interfaces.

       Make sure the NetBackup server has no active jobs running (for
       example, backups, restores, or duplications).

       If a database agent is being used, such as Oracle,  
       ensure that the database services are stopped.  

   2) Change directory to the pack save directory.  
       Substitute the pack name for $PACK in the following command:

          cd /usr/openv/pack/$PACK/save

   3) Run the un-install script:

         ./Vrts_pack.uninstall

   4) Verify that the pack uninstalled successfully by checking  
       /usr/openv/pack/pack.history.

   5) If update_clients was run after the pack was originally INSTALLED,  
       run it again after that pack is successfully UNINSTALLED.

   6) If necessary, restart the NetBackup and Media Manager daemons:
       /usr/openv/netbackup/bin/goodies/netbackup start
     

==================================
IV. DESCRIPTION OF PROBLEMS FIXED
==================================
The following are descriptions of the problems fixed.  Please read the  
entire document before installing.

README Conventions:

Description
    Describes particular problem or feature contained in this Feature Pack.

** Description **  
    Describes a problem that can lead to potential data loss. Please  
    read these problem descriptions carefully.

Workaround
    Any available workarounds to a problem are also listed. Workarounds  
    can be used INSTEAD of applying the patch, however, Symantec strongly  
    recommends the "best practice" of being at the latest patch level.

Additional Notes  
    Any additional information regarding this problem or feature is included.
     

=============  
Current pack  
=============  

================================================================================
Description:  
   A change has been made to avert a potential vulnerability in a Java  
   authentication service that runs on VERITAS NetBackup servers and clients.
   This change prohibits remote attackers from executing arbitrary code on a
   targeted system.  In addition, Symantec recommends that users block the
   affected ports from external network access.  

   (NetBackup Servers and Clients)
================================================================================




Attachments

NB_45_9S1443_F_279612.alpha.tar (1.6 MBytes)


Legacy ID



279612


Article URL http://www.symantec.com/docs/TECH44302


Terms of use for this information are found in Legal Notices