Special Pack NB_50_5S2_M.winnt.intel.exe provides security-related fixes for VERITAS NetBackup (tm) Enterprise Server / Server 5.0 on NT/2000/2003/XP Professional server and clients.

Article:TECH44730  |  Created: 2005-01-08  |  Updated: 2006-01-09  |  Article URL http://www.symantec.com/docs/TECH44730
Article Type
Technical Solution


Environment

Issue



Special Pack NB_50_5S2_M.winnt.intel.exe provides security-related fixes for VERITAS NetBackup (tm) Enterprise Server / Server 5.0 on NT/2000/2003/XP Professional server and clients.

Solution



NB 5.0GA Pack NB_50_5S2_M README November 7, 2005
================================================================================
** THIS MAINTENANCE PACK MUST BE INSTALLED OVER THE NETBACKUP 5.0GA PACK
NB_50_5_M MAINTENANCE PACK. ANY ATTEMPT TO INSTALL THIS PACK OVER AN EARLIER
VERSION OF NETBACKUP 5.0 WILL RESULT IN A FAILED INSTALL.

(Please refer to the PACK DEPENDENCIES and the RELATED DOCUMENTS sections of
this Readme for additional information that applies to this pack.)

Symantec recommends that you avoid backing up active file systems, or that
you use snapshot technologies. The directory structure reported back from the
file system (to NetBackup) may not contain all of the files available during
the time of backup. In many cases NetBackup will not report errors for a file
whose existence was not reported to it by the file system.


=================
PACK DEPENDENCIES
=================

-- NETBACKUP 5.0GA PACK NB_50_5_M must be installed prior to installing
this Maintenance Pack.

-- For the latest robotics support please also download and install the
latest Mappings_5.0.<6 digit number>.zip from the Support Web site:
www.support.veritas.com.


I. DOWNLOAD INSTRUCTIONS
II. INSTALLATION INSTRUCTIONS
III. UNINSTALL INSTRUCTIONS
IV. DESCRIPTION OF PROBLEMS FIXED
Current Pack
NB_50_5S1320_M


=========================
I. DOWNLOAD INSTRUCTIONS
=========================
This is an update to NetBackup/Media Manager products with the latest fixes
for Windows NT NetBackup servers.

Download instructions:
1) Download the NB_50_5S2_M.winnt.intel_<6 digit number>.exe file
into a temporary directory.

where <6 digit number> is an internal tracking identifier

2) Extract the NB_50_5S2_M.winnt.intel_<6 digit number>.exe
by double-clicking on it.

This will create a number of files that include:
README.NT
and
Setup.exe



===============================
II. INSTALLATION INSTRUCTIONS
===============================
NOTE: For Maintenance Pack installation in a Windows Cluster Environment:

1) Install this Maintenance Pack on the inactive node(s) of the cluster
(follow steps 1-4 below)

2) Move the group from the active node to another node.
This should be done when the NetBackup system is quiet, i.e. no backups
or restores running.

3) Install this Maintenance Pack on the newly inactive node of the cluster

4) (Optional) Move the NetBackup group back to the original node.

--------------------------------------------------------------------------------

Installation steps:

1) Close all NetBackup Windows.
Make sure the NetBackup system has no active backups, restores,
duplications, etc., running. If there are NetBackup activities in process,
the Maintenance Pack will require a reboot if the file to update is busy.

If a database client is being used, such as Oracle, ensure that the
database services are stopped. Database services can be stopped via the
Control Panel -> Services tool. Repeat this until all databases have been
stopped. These services must be restarted once the patch is successfully
installed.

2) Run Setup.exe (Double-click on the icon from File Manager or Explorer or run
it from the command prompt)

Setup.exe begins by stopping the appropriate NetBackup Services required for
the Maintenance Pack installation. Next, it will install the necessary files
into their correct locations. Lastly, Setup.exe will restart the appropriate
NetBackup services.

3) Examine the <TEMP>\MaintenancePack.Log file to ensure that no errors took
place during the installation.

4) Remove the temporary directory created in the download instructions.

Note: If you are installing the Maintenance Pack using the silent install script,
please review the <TEMP>\MaintenancePack.Log after the installation is finished.
A reboot may be required to complete the installation of the Maintenance Pack. A
search of the log for the key words "in use" will indicate which files were busy
during the installation.

For Encryption users: Do the following on the Windows Master that has
Encryption installed on it:

1) Install the NetBackup 5.0 MP5 Windows patch (NB_50_5S2_M) on the master.

2) You must then push the patch to the clients that have encryption installed.


===========================
III. UNINSTALL INSTRUCTIONS
===========================
**Important notice regarding un-installs on Windows**
Only the last Maintenance Pack installed on a Windows system
can be un-installed.

1) Close all NetBackup Windows.
Make sure the NetBackup server has no active backups, restores,
duplications, etc., running. If there are NetBackup activities in process,
the Maintenance Pack will not install if the file to update is busy.

If a database client is being used, such as Oracle, ensure that the
database services are stopped. Database services can be stopped via the
Control Panel -> Services tool. Repeat this until all databases have been
stopped. These services must be restarted once the patch is successfully
installed.

2) Go to the Add/Remove Programs dialog box and select the correct Pack to be uninstalled.

For Encryption users:

You will need to push out restored binaries to the affected encryption clients.

=================================
IV. DESCRIPTION OF PROBLEMS FIXED
=================================
The following are descriptions of the problems fixed. Please read the entire
document before installing.

A vulnerability has been confirmed in the NetBackup Volume Manager
daemon. Please refer to the Current Pack section for more information.


README Conventions:

Description
Describes a particular problem or feature contained in this Maintenance
Pack.

** Description **
Describes a problem that can lead to potential data loss. Please
read these problem descriptions carefully.

Workaround
Any available workarounds to a problem are also listed. Workarounds
can be used INSTEAD of applying the patch, however, Symantec strongly
recommends the "best practice" of being at the latest patch level.

Additional Notes
Any additional information regarding this problem or feature is included.


=============
Current pack
=============

================================================================================
Etrack Incident = ET429810 ET494465

Description:
A vulnerability has been confirmed in the NetBackup Volume Manager
daemon (vmd). By sending a specially crafted packet to the Volume Manager,
a stack overflow occurs. This is caused by improper bounds checking.
Exploitation does not require authentication, thereby allowing a remote
attacker to take over the system or disrupt the backup capabilities.
Further testing and code inspection have revealed that all other
NetBackup 5.1 daemons are potentially affected in the same manner.
Therefore, any Master Servers, Media Servers, Clients and Console machines
at this version level are subject to this vulnerability. However,
NetBackup 5.1 database agents are not affected by this issue.

Refer to the Related Document section for more details.
================================================================================

==============
NB_50_5S1320_M
==============

Etrack Incident = ET427044

Description:
A change has been made to avert a potential vulnerability in a Java
authentication service that runs on VERITAS NetBackup servers and clients.
This change prohibits remote attackers from executing arbitrary code on a
targeted system. In addition, Symantec recommends that users block the
affected ports from external network access.
================================================================================


Attachments

NB_50_5S2_M_280088.winnt.intel.exe (7.1 MBytes)


Legacy ID



280088

