Security Pack NB_51_4S01_M.rs6000.tar provides security-related fixes for Veritas NetBackup (tm) Enterprise Server / Server 5.1 on AIX servers.

Article:TECH46896  |  Created: 2006-01-22  |  Updated: 2006-01-27  |  Article URL http://www.symantec.com/docs/TECH46896
Article Type
Technical Solution


Environment

Issue



Security Pack NB_51_4S01_M.rs6000.tar provides security-related fixes for Veritas NetBackup (tm) Enterprise Server / Server 5.1 on AIX servers.

Solution



NB 5.1GA Pack NB_51_4S01_M README March 23, 2006
Requirement: NB_CLT_51_4S01_M NB_51_4_M
================================================================================
** THIS SECURITY PACK MUST BE INSTALLED OVER THE NETBACKUP 5.1 GA Pack
NB_51_4_M MAINTENANCE PACK. ANY ATTEMPT TO INSTALL THIS PACK OVER AN EARLIER
VERSION OF NETBACKUP 5.1 WILL RESULT IN A FAILED INSTALL.**

(Please refer to the PACK DEPENDENCIES and the RELATED DOCUMENTS sections of
this Readme for additional information that applies to this pack.)

================================================================================


=================
PACK DEPENDENCIES
=================

-- NB_51_4_M_<6 digit number>.<server>.tar must be installed before this
Security Pack is installed.

-- NB_CLT_51_4S01_M_<6 digit number>.<server>.tar must be installed before
this Security Pack is installed.

-- Installation of this Security Pack requires version 1.19.4.23
of the Vrts_pack.install script.


I. DOWNLOAD INSTRUCTIONS
II. INSTALLATION INSTRUCTIONS
III. UNINSTALL INSTRUCTIONS
IV. DESCRIPTION OF PROBLEMS FIXED
Current Pack


=========================
I. DOWNLOAD INSTRUCTIONS
=========================

1) Download the NB_CLT_51_4S01_M_<6 digit number>.tar and
NB_51_4S01_M_<6 digit number>.<server>.tar files into the
/tmp directory,

where <6 digit number> is an internal tracking identifier

where <server> is alpha_5, hp_ux, linux, rs6000, sgi, solaris

NOTE: NB_CLT_51_4S01_M_<6 digit number>.tar has the client binaries and
NB_51_4S01_M_<6 digit number>.<server>.tar has the server binaries and
BOTH must be installed.

2) Extract the NB_CLT_51_4S01_M_<6 digit number>.tar and the
NB_51_4S01_M_<6 digit number>.<server>.tar files.

    tar xvf NB_CLT_51_4S01_M_<6 digit number>.tar
    tar xvf NB_51_4S01_M_<6 digit number>.<server>.tar

NB_51_4S01_M will create the files:
VrtsNB_51_4S01_M.README
VrtsNB_51_4S01_M.<server>.tar.Z
VrtsNB_51_4S01_M.postuninstall
VrtsNB_51_4S01_M.postinstall
VrtsNB_51_4S01_M.preinstall
Vrts_pack.install

NB_CLT_51_4S01_M will create the files:
VrtsNB_CLT_51_4S01_M.README
VrtsNB_CLT_51_4S01_M.tar.Z
VrtsNB_CLT_51_4S01_M.postuninstall
VrtsNB_CLT_51_4S01_M.postinstall
VrtsNB_CLT_51_4S01_M.preinstall
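
A pre-flight check for the extraction directory, added here as an example (it is not part of the Symantec README or the pack): it confirms that every file listed above for the server and client packs is present and non-empty before Vrts_pack.install is run. The function names and return codes are assumptions of this example; the file names come from the two lists above.

```shell
# Added example, not shipped with the pack. Usage: sh <this file> /tmp rs6000
SERVER_PACK=NB_51_4S01_M
CLIENT_PACK=NB_CLT_51_4S01_M

# server_files SERVER: file names the README lists for the server pack.
server_files() {
    printf '%s\n' \
        "Vrts${SERVER_PACK}.README" \
        "Vrts${SERVER_PACK}.$1.tar.Z" \
        "Vrts${SERVER_PACK}.postuninstall" \
        "Vrts${SERVER_PACK}.postinstall" \
        "Vrts${SERVER_PACK}.preinstall" \
        "Vrts_pack.install"
}

# client_files: file names the README lists for the client pack.
client_files() {
    printf '%s\n' \
        "Vrts${CLIENT_PACK}.README" \
        "Vrts${CLIENT_PACK}.tar.Z" \
        "Vrts${CLIENT_PACK}.postuninstall" \
        "Vrts${CLIENT_PACK}.postinstall" \
        "Vrts${CLIENT_PACK}.preinstall"
}

# missing_files DIR: read names on stdin, print those absent or empty in DIR.
missing_files() {
    while IFS= read -r f; do
        [ -s "$1/$f" ] || printf '%s\n' "$f"
    done
}

# preflight DIR SERVER
# returns 0 = both packs complete, 1 = server pack incomplete,
#         2 = server pack complete but client pack incomplete
preflight() {
    miss=$(server_files "$2" | missing_files "$1")
    [ -z "$miss" ] || { echo "server pack incomplete, missing:" $miss >&2; return 1; }
    miss=$(client_files | missing_files "$1")
    [ -z "$miss" ] || { echo "client pack incomplete, missing:" $miss >&2; return 2; }
    echo "both packs complete in $1; ready to run Vrts_pack.install"
}

# Run the check only when a directory and server type are given.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A return code of 2 matters because the README requires both packs, and Vrts_pack.install installs the client pack automatically only when the client .Z file and README are in the installation directory.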




===============================
II. INSTALLATION INSTRUCTIONS
===============================
NOTE: For Security Pack installation on a UNIX Cluster Environment:

1) Ensure that prior to installing the Security Pack, NetBackup is at
release level 5.1 MP4 and configured to run in a cluster.

2) Freeze the NetBackup group (This will avoid a 'failover' during a patch
installation).

3) Install this Security Pack on the inactive node(s) of the cluster
(follow steps 1-3 below).

4) Install this Security Pack on the active node of the cluster (follow
steps 1-3 below).

5) Unfreeze the NetBackup group.


--------------------------------------------------------------------------------


As root on the NetBackup Master Server:

1) Install NB_51_4S01_M Security Pack binaries.

    cd /tmp
    /bin/sh Vrts_pack.install

NOTE: If the client (CLT) .Z file and README exist in the installation
directory during the installation of the server pack, the Vrts_pack.install
script will install the client pack automatically. The client pack will NOT be
installed automatically during a reinstall of the server pack.

2) Restart daemons.

    /usr/openv/netbackup/bin/initbprd
    /usr/openv/volmgr/bin/ltid -v



===========================
III. UNINSTALL INSTRUCTIONS
===========================
Note: This will ONLY uninstall the pack from your local machine.

1) Close the NetBackup user interfaces.

Make sure the NetBackup server has no active jobs running (for
example, backups, restores, or duplications).

If a database agent is being used, such as Oracle,
ensure that the database services are stopped.

2) Change directory to the pack save directory.
Substitute the pack name for ${PACK} in the following command:

    cd /usr/openv/pack/${PACK}/save

3) Run the un-install script:

    ./Vrts_pack.uninstall

4) Verify that the pack uninstalled successfully by checking:

    /usr/openv/pack/pack.history

5) If update_clients was run after the pack was originally INSTALLED,
run it again after that pack is successfully UNINSTALLED.

6) If necessary, restart the NetBackup and Media Manager daemons:

    /usr/openv/netbackup/bin/goodies/netbackup start



=================================
IV. DESCRIPTION OF PROBLEMS FIXED
=================================
The following are descriptions of the problems fixed. Please read the entire
document before installing.

A vulnerability has been confirmed in the NetBackup Volume Manager daemon.
Please refer to the Current Pack section for more information.


README Conventions:

Description
Describes a particular problem or feature contained in this pack.

** Description **
Describes a problem that can lead to potential data loss. Please
read these problem descriptions carefully.

Workaround
Any available workarounds to a problem are also listed. Workarounds
can be used INSTEAD of applying the patch; however, Symantec strongly
recommends the "best practice" of being at the latest patch level.

Additional Notes
Any additional information regarding these problems is included.


=============
Current pack
=============

================================================================================
Etrack Incident = ET521919

Description:
A stack-based buffer overflow vulnerability existed in the volume manager
daemon (vmd) running on NetBackup servers. If an attacker was able to
gain access to a vulnerable NetBackup server and successfully exploit this
issue, it could have led to arbitrary code execution and resulted in
unauthorized access with elevated privileges on the targeted system.

This vulnerability impacted only NetBackup server systems and did not
impact NetBackup client systems.
--------------------------------------------------------------------------------
Etrack Incident = ET538176 ET537661 ET537510 ET537536 ET537527 ET537519 ET537478
ET537556 ET537413 ET538161 ET542503 ET546475 ET546008 ET568450 ET568930 ET540333
ET536742

Description:
Multiple buffer overflow vulnerabilities have been identified in daemons
that run on Veritas NetBackup master, media, and client servers. An
attacker, if able to access a vulnerable Veritas NetBackup server and
successfully exploit these issues, could potentially execute arbitrary
code resulting in possible unauthorized and elevated privilege access to
the targeted system.

For more information about this vulnerability, refer to TechNote 281521 on
the Symantec Support Web site (http://support.veritas.com/docs/281521 ).
================================================================================



Attachments

NB_51_4S01_M_282434.rs6000.tar (11.8 MBytes)


Legacy ID



282434

