Security Pack NB_51_4S01_M.winnt.intel.exe provides security-related fixes to the Veritas NetBackup (tm) Enterprise Server / Server 5.1 on NT/2000/2003/XP Professional server and clients. It also contains security fixes for NetBackup Add-on products and Database Agents.

Article:TECH46901  |  Created: 2006-01-22  |  Updated: 2006-01-30  |  Article URL http://www.symantec.com/docs/TECH46901
Article Type
Technical Solution


Environment

Issue



Security Pack NB_51_4S01_M.winnt.intel.exe provides security-related fixes to the Veritas NetBackup (tm) Enterprise Server / Server 5.1 on NT/2000/2003/XP Professional server and clients. It also contains security fixes for NetBackup Add-on products and Database Agents.

Solution



 NB 5.1GA Pack NB_51_4S01_M README                                 March 23, 2006
================================================================================
** THIS SECURITY PACK MUST BE INSTALLED OVER THE NETBACKUP 5.1GA Pack NB_51_4_M
MAINTENANCE PACK.  ANY ATTEMPT TO INSTALL THIS PACK OVER AN EARLIER VERSION OF  
NETBACKUP 5.1 WILL RESULT IN A FAILED INSTALL.**

(Please refer to the PACK DEPENDENCIES and the RELATED DOCUMENTS sections of
this Readme for additional information that applies to this pack.)

================================================================================


=================
PACK DEPENDENCIES
=================

    -- 5.1GA Pack NB_51_4_M must be installed prior to installing this
       Security Pack.



I.   DOWNLOAD INSTRUCTIONS
II.  INSTALLATION INSTRUCTIONS
III. UNINSTALL INSTRUCTIONS
IV.  DESCRIPTION OF PROBLEMS FIXED
       Current Pack


=========================
I. DOWNLOAD INSTRUCTIONS
=========================
This is an update to NetBackup/Media Manager products
with the latest fixes for Windows NetBackup servers and clients.

Download instructions:
1) Download the NB_51_4S01_M.winnt.intel_<6 digit number>.exe file
  into a temporary directory.

  where <6 digit number> is an internal tracking identifier

2) Extract the NB_51_4S01_M.winnt.intel_<6 digit number>.exe
  by double-clicking on it.

       This will create a number of files that include:
       README.NT
       and
       Setup.exe


=============================
II. INSTALLATION INSTRUCTIONS
=============================
NOTE: For Security Pack installation on Windows Cluster Environment:

1) Install this Security Pack on the inactive node(s) of the cluster  
  (follow steps 1-4 below)

2) Move the group from the active node to another node.
  This should be done when the NetBackup system is quiet, i.e. no backups
  or restores running.

3) Install this Security Pack on the newly inactive node of the cluster

4) (Optional) Move the NetBackup group back to the original node.

--------------------------------------------------------------------------------

Installation steps:

1) Close all NetBackup Windows.
  Make sure the NetBackup system has no active backups, restores,
  duplications, etc., running. If there are NetBackup activities in process,
  the Security Pack will require a reboot if the file to update is busy.

  If a database client is being used, such as Oracle, ensure that the
  database services are stopped.  Database services can be stopped via the
  ControlPanel -> Services tool.  Repeat this until all databases have been
  stopped. These services must be restarted once the patch is successfully
  installed.

2) Run Setup.exe (Double-click on the icon from File Manager or Explorer or run
  it from the command prompt)

  Setup.exe begins by stopping the appropriate NetBackup Services required for
  the Security Pack installation. Next, it will install the necessary files  
  into their correct locations. Lastly, Setup.exe will restart the appropriate  
  NetBackup services.

3) Examine the <TEMP>.log file to ensure that no errors took  
  place during the installation.

4) Remove the temporary directory created in the download instructions.

Note: If you are installing the Security Pack using the silent install script,
please review the <TEMP>.log after the installation is finished,
a reboot maybe required to complete the installation of the Security Pack.  A
search of the log for the key words "in use" will indicate which files were busy
during the installation.  



===========================
III. UNINSTALL INSTRUCTIONS
===========================
**Important notice regarding un-installs on Windows**
Only the last pack installed on a Windows system can be un-installed.  

1) Close all NetBackup Windows.
  Make sure the NetBackup server has no active backups, restores,
  duplications, etc., running. If there are NetBackup activities in process,
  the Security Pack will not install if the file to update is busy.

  If a database client is being used, such as Oracle, ensure that the
  database services are stopped.  Database services can be stopped via the
  Control Panel -> Services tool.  Repeat this until all databases have been
  stopped. These services must be restarted once the patch is successfully
  installed.

2) Go to Add/Remove programs dialog box and select correct pack to be uninstalled.  



=================================
IV. DESCRIPTION OF PROBLEMS FIXED
=================================
The following are descriptions of the problems fixed.  Please read the entire
document before installing.

A vulnerability has been confirmed in the NetBackup Volume Manager daemon.
Please refer to the Current Pack section for more information.


README Conventions:

Description
    Describes a particular problem or feature contained in this pack.

** Description **  
    Describes a problem that can lead to potential data loss. Please  
    read these problem descriptions carefully.

Workaround
    Any available workarounds to a problem are also listed. Workarounds  
    can be used INSTEAD of applying the patch, however, Symantec strongly  
    recommends the "best practice" of being at the latest patch level.

Additional Notes  
    Any additional information regarding these problems are included.


=============  
Current pack  
=============  

================================================================================
Etrack Incident = ET521919

Description:  
   A stack-based buffer overflow vulnerability existed in the volume manager
   daemon (vmd) running on NetBackup servers.   If an attacker was able to  
   gain access to a vulnerable NetBackup server and successfully exploit this
   issue, it could have lead to arbitrary code execution and resulted in
   unauthorized access with elevated privileges on the targeted system.
   
   This vulnerability impacted only NetBackup server systems and did not
   impact NetBackup client systems.  
--------------------------------------------------------------------------------
Etrack Incident = ET538176 ET537661 ET537510 ET537536 ET537527 ET537519 ET537478
ET537556 ET537413 ET538161 ET542503 ET546475 ET546008 ET568450 ET568930 ET540333
ET536742

Description:  
   Multiple buffer overflow vulnerabilities have been identified in daemons
   that run on Veritas NetBackup master, media, and client servers.   An
   attacker, if able to access a vulnerable Veritas NetBackup server and
   successfully exploit these issues, could potentially execute arbitrary
   code resulting in possible unauthorized and elevated privilege access to
   the targeted system.
   
   For more information about this vulnerability, refer to TechNote 281521 on
   the Symantec Support Web site (  http://support.veritas.com/docs/281521).
================================================================================




Attachments

NB_51_4S01_M_282438.winnt.intel.exe (13.6 MBytes)


Legacy ID



282438


Article URL http://www.symantec.com/docs/TECH46901


Terms of use for this information are found in Legal Notices