Special Pack NB_51_3AS2_M.winnt.IA64.exe provides security-related fixes for VERITAS NetBackup (tm) Enterprise Server / Server 5.1 on Windows XP/2003 64 bit clients.

Article:TECH44739  |  Created: 2005-01-08  |  Updated: 2006-01-09  |  Article URL http://www.symantec.com/docs/TECH44739
Article Type
Technical Solution


Environment

Issue



Special Pack NB_51_3AS2_M.winnt.IA64.exe provides security-related fixes for VERITAS NetBackup (tm) Enterprise Server / Server 5.1 on Windows XP/2003 64 bit clients.

Solution



NB 5.1GA Pack NB_51_3AS2_M README November 7, 2005
================================================================================
** THIS MAINTENANCE PACK MUST BE INSTALLED OVER THE NETBACKUP 5.1GA Pack
NB_51_3A_M MAINTENANCE PACK. ANY ATTEMPT TO INSTALL THIS PACK OVER AN EARLIER
VERSION OF NETBACKUP 5.1 WILL RESULT IN A FAILED INSTALL.**

(Please refer to the PACK DEPENDENCIES and the RELATED DOCUMENTS sections of
this Readme for additional information that applies to this pack.)

This Maintenance Pack provides fixes to the VERITAS NetBackup Windows 64-bit
server and clients.

Symantec recommends that the backing up of active file systems be avoided,
or the use of snapshot technologies be implemented. The directory structure
reported back from the file system (to NetBackup) may not contain all of the
files available during the time of backup. NetBackup will not report errors
in many cases where the file's existence is not known to NetBackup as reported
by the file system.

=================
PACK DEPENDENCIES
=================

-- 5.1GA Pack NB_51_3A_M must be installed prior to installing this
Maintenance Pack.

-- For the latest robotics support please also download and install the
latest Mappings_5.1.<6 digit number>.zip from the Support Web site:
www.support.veritas.com.


I. DOWNLOAD INSTRUCTIONS
II. INSTALLATION INSTRUCTIONS
III. UNINSTALL INSTRUCTIONS
IV. DESCRIPTION OF PROBLEMS FIXED
Current Pack
NB_51_3AS0949_M

=========================
I. DOWNLOAD INSTRUCTIONS
=========================
This is an update to NetBackup/Media Manager products with the latest fixes
for Windows NT NetBackup servers.

Download instructions:
1) Download the NB_51_3AS2_M.winnt.IA64_<6 digit number>.exe file
into a temporary directory.

where <6 digit number> is an internal tracking identifier

2) Extract the NB_51_3AS2_M.winnt.IA64_<6 digit number>.exe
by double-clicking on it.

This will create a number of files that include:
README.NT
and
Setup.exe


=============================
II. INSTALLATION INSTRUCTIONS
=============================

NOTE: For Maintenance Pack installation on Microsoft Cluster Environment:

1) Install this Maintenance Pack on the inactive node(s) of the cluster
(follow steps 1-4 below)

2) Use the MSCS move group command to 'failover' the server to another node.
This should be done when the NetBackup system is quiet, i.e. no backups
or restores running.

3) Install this Maintenance Pack on the newly inactive node of the cluster

4) (Optional) Use the MSCS move group command to 'failover'
the server back to the original node.

--------------------------------------------------------------------------------

Installation steps:

1) Close all NetBackup Windows.
Make sure the NetBackup system has no active backups, restores,
duplications, etc., running. If there are NetBackup activities in process,
the Maintenance Pack will require a reboot if the file to update is busy.

If a database client is being used, such as Oracle, ensure that the
database services are stopped. Database services can be stopped via the
Control Panel -> Services tool. Repeat this until all databases have been
stopped. These services must be restarted once the patch is successfully
installed.

2) Run Setup.exe (Double-click on the icon from File Manager or Explorer or run
it from the command prompt)

Setup.exe begins by stopping the appropriate NetBackup Services required for
the Maintenance Pack installation. Next, it will install the necessary files
into their correct locations. Lastly, Setup.exe will restart the appropriate
NetBackup services.

3) Examine the <TEMP>\MaintenancePack.Log file to ensure that no errors took
place during the installation.

4) Remove the temporary directory created in the download instructions.

Note: If you are installing the Maintenance Pack using the silent install script,
please review the <TEMP>\MaintenancePack.Log after the installation is finished,
a reboot maybe required to complete the installation of the Maintenance Pack. A
search of the log for the key words "in use" will indicate which files were busy
during the installation.


===========================
III. UNINSTALL INSTRUCTIONS
===========================
**Important notice regarding un-installs on Windows**
Only the last Maintenance Pack installed on a Windows system can be un-installed.

1) Close all NetBackup Windows.
Make sure the NetBackup server has no active backups, restores,
duplications, etc., running. If there are NetBackup activities in process,
the Maintenance Pack will not install if the file to update is busy.

If a database client is being used, such as Oracle, ensure that the
database services are stopped. Database services can be stopped via the
Control Panel -> Services tool. Repeat this until all databases have been
stopped. These services must be restarted once the patch is successfully
installed.

2) Go to <install dir of NetBackup>\Patch\Pack_Uninstaller.exe and
double-click on the executable.

3) Select correct Pack to be uninstalled.

4) Click on Uninstall.

5) You may review the trace file
(<install dir of NetBackup>\Patch\Pack_Uninstall.log)
to see what files were replaced.


=================================
IV. DESCRIPTION OF PROBLEMS FIXED
=================================
The following are descriptions of the problems fixed. Please read the entire
document before installing.

A vulnerability has been confirmed in the NetBackup Volume Manager daemon.
Please refer to the Current Pack section for more information.


README Conventions:

Description
Describes a particular problem or feature contained in this Maintenance
Pack.

** Description **
Describes a problem that can lead to potential data loss. Please
read these problem descriptions carefully.

Workaround
Any available workarounds to a problem are also listed. Workarounds
can be used INSTEAD of applying the patch, however, Symantec strongly
recommends the "best practice" of being at the latest patch level.

Additional Notes
Any additional information regarding this problem or feature is included.


=============
Current pack
=============

================================================================================
Etrack Incident = ET494041 ET494466

Description:
A vulnerability has been confirmed in the NetBackup Volume Manager
daemon (vmd). By sending a specially crafted packet to the Volume Manager,
a stack overflow occurs. This is caused by improper bounds checking.
Exploitation does not require authentication, thereby allowing a remote
attacker to take over the system or disrupt the backup capabilities.
Further testing and code inspection has revealed that all other
NetBackup 5.1 daemons are potentially affected in the same manner.
Therefore, any Master Servers, Media Servers, Clients and Console machines
at this version level are subject to this vulnerability. However,
NetBackup 5.1 database agents are not affected by this issue.

Refer to the Related Document section for more details.
================================================================================

===============
NB_51_3AS0949_M
===============

Etrack Incident = ET427175

Description:
A change has been made to avert a potential vulnerability in a Java
authentication service that runs on VERITAS NetBackup servers and clients.
This change prohibits remote attackers from executing arbitrary code on a
targeted system. In addition, Symantec recommends that users block the
affected ports from external network access.
================================================================================


Attachments

NB_51_3AS2_M_280096.winnt.IA64.exe (5.9 MBytes)


Legacy ID



280096


Article URL http://www.symantec.com/docs/TECH44739


Terms of use for this information are found in Legal Notices