Security Pack NB_50_6S01_M.rs6000.tar provides security-related fixes for Veritas NetBackup (tm) Enterprise Server / Server 5.0 on AIX servers.

Article:TECH46967  |  Created: 2006-01-22  |  Updated: 2006-01-27  |  Article URL http://www.symantec.com/docs/TECH46967
Article Type
Technical Solution


Environment

Issue



Security Pack NB_50_6S01_M.rs6000.tar provides security-related fixes for Veritas NetBackup (tm) Enterprise Server / Server 5.0 on AIX servers.

Solution



NB 5.0GA Pack NB_50_6S01_M README March 23, 2006
Requirement: NB_CLT_50_6S01_M NB_50_6_M
================================================================================
**THIS SECURITY PACK MUST BE INSTALLED OVER THE NETBACKUP 5.0GA PACK NB_50_6_M
MAINTENANCE PACK. ANY ATTEMPT TO INSTALL THIS PACK OVER AN EARLIER VERSION OF
NETBACKUP 5.0 WILL RESULT IN A FAILED INSTALL.**

(Please refer to the PACK DEPENDENCIES and the RELATED DOCUMENTS sections of
this Readme for additional information that applies to this pack.)


==================
PACK DEPENDENCIES
==================

-- NB_50_6_M_<6 digit number>.<server>.tar must be installed before this
Security Pack is installed.

-- NB_CLT_50_6S01_M_<6 digit number>.<server>.tar must be installed before
this Security Pack is installed.

-- Installation of this Security Pack requires version 1.17.4.34 of
the Vrts_pack.install script.



I. DOWNLOAD INSTRUCTIONS
II. INSTALLATION INSTRUCTIONS
III. UNINSTALL INSTRUCTIONS
IV. DESCRIPTION OF PROBLEMS FIXED
Current Pack


=========================
I. DOWNLOAD INSTRUCTIONS
=========================
1) Download the NB_CLT_50_6S01_M_<6 digit number>.tar and
NB_50_6S01_M_<6 digit number>.<server>.tar files into the
/tmp directory,

where <6 digit number> is an internal tracking identifier

where <server> is alpha_5, hp_ux, linux, rs6000, sgi, solaris

NOTE: NB_CLT_50_6S01_M_<6 digit number>.tar has the client binaries and
NB_50_6S01_M_<6 digit number>.<server>.tar has the server binaries and
BOTH must be installed.

2) Extract the NB_CLT_50_6S01_M_<6 digit number>.tar and the
NB_50_6S01_M_<6 digit number>.<server>.tar files.
    tar xvf NB_CLT_50_6S01_M_<6 digit number>.tar
    tar xvf NB_50_6S01_M_<6 digit number>.<server>.tar

NB_50_6S01_M will create the files:
VrtsNB_50_6S01_M.README
VrtsNB_50_6S01_M.<server>.tar.Z
VrtsNB_50_6S01_M.postuninstall
VrtsNB_50_6S01_M.postinstall
VrtsNB_50_6S01_M.preinstall
Vrts_pack.install

NB_CLT_50_6S01_M will create the files:
VrtsNB_CLT_50_6S01_M.README
VrtsNB_CLT_50_6S01_M.tar.Z
VrtsNB_CLT_50_6S01_M.postuninstall
VrtsNB_CLT_50_6S01_M.postinstall
VrtsNB_CLT_50_6S01_M.preinstall
Vrts_pack.install

===============================
II. INSTALLATION INSTRUCTIONS
===============================
NOTE: For Security Pack installation on a UNIX Cluster Environment:

1) Ensure that prior to installing the Security Pack, NetBackup is at
release level 5.0 MP6 and configured to run in a cluster.

2) Freeze the NetBackup group (This will avoid a 'failover' during a patch
installation).

3) Install this Security Pack on the inactive node(s) of the cluster
(follow the steps below).

4) Install this Security Pack on the active node of the cluster (follow
the steps below).

5) Unfreeze the NetBackup group.


--------------------------------------------------------------------------------

As root on the NetBackup Master Server:

1) Install NB_50_6S01_M pack binaries.

    cd /tmp
    /bin/sh Vrts_pack.install

NOTE: If the client (CLT) .Z file and README exist in the installation
directory during the installation of the server pack, the Vrts_pack.install
script will install the client pack automatically. The client pack will NOT
be installed automatically during a reinstall of the server pack.

2) Restart daemons.

    /usr/openv/netbackup/bin/initbprd
    /usr/openv/volmgr/bin/ltid -v
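
A pre-flight check for the extraction directory, to run before step 1. This is an added example, not part of the Symantec README: the file names are those listed in section I, the function names are hypothetical, and the Vrts_pack.install version requirement is not checked because the README does not say how the script reports it.

```shell
#!/bin/sh
# Added example, not part of the Symantec README. File names come from
# section I of the README; the function names are hypothetical.

# server_pack_files SERVER: files NB_50_6S01_M is documented to create.
server_pack_files() {
    p=VrtsNB_50_6S01_M
    echo "$p.README $p.$1.tar.Z $p.preinstall $p.postinstall" \
         "$p.postuninstall Vrts_pack.install"
}

# client_trigger_files: per the NOTE in step 1, the client pack is installed
# automatically only if its .Z file and README are in the same directory.
client_trigger_files() {
    p=VrtsNB_CLT_50_6S01_M
    echo "$p.tar.Z $p.README"
}

# missing_in DIR FILE...: print each FILE that is absent from DIR.
missing_in() {
    dir=$1; shift
    for f in "$@"; do
        [ -f "$dir/$f" ] || echo "$f"
    done
}

# preflight DIR SERVER
# Returns 0 if the server pack is complete and the client pack will be
# installed with it, 1 if server-pack files are missing, 2 if only the
# client .Z file or README is missing.
preflight() {
    dir=$1; server=$2
    miss=$(missing_in "$dir" $(server_pack_files "$server"))
    if [ -n "$miss" ]; then
        echo "server pack incomplete, missing:" $miss
        return 1
    fi
    miss=$(missing_in "$dir" $(client_trigger_files))
    if [ -n "$miss" ]; then
        echo "client pack will not be auto-installed, missing:" $miss
        return 2
    fi
    echo "ok: server and client pack files present in $dir"
}

# Run as: sh preflight.sh /tmp rs6000
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A return value of 2 matters on a first install: the server pack would go on without the client binaries, and the README states that BOTH must be installed.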



===========================
III. UNINSTALL INSTRUCTIONS
===========================
Note: This will ONLY uninstall the pack from your local machine.

1) Close the NetBackup user interfaces.

Make sure the NetBackup server has no active jobs running (for
example, backups, restores, or duplications).

If a database agent is being used, such as Oracle,
ensure that the database services are stopped.

2) Change directory to the pack save directory.
Substitute the pack name for ${PACK} in the following command:

    cd /usr/openv/pack/${PACK}/save

3) Run the un-install script:

    ./Vrts_pack.uninstall

4) Verify that the pack uninstalled successfully by checking:

/usr/openv/pack/pack.history.

5) If update_clients was run after the pack was originally INSTALLED,
run it again after that pack is successfully UNINSTALLED.

6) If necessary, restart the NetBackup and Media Manager daemons:

    /usr/openv/netbackup/bin/goodies/netbackup start



=================================
IV. DESCRIPTION OF PROBLEMS FIXED
=================================
The following are descriptions of the problems fixed. Please read the
entire document before installing.

A vulnerability has been confirmed in the NetBackup Volume Manager
daemon. Please refer to the Current Pack section for more information.


README Conventions:

Description
Describes a particular problem or feature contained in this pack.

** Description **
Describes a problem that can lead to potential data loss. Please
read these problem descriptions carefully.

Workaround
Any available workarounds to a problem are also listed. Workarounds
can be used INSTEAD of applying the patch; however, Symantec strongly
recommends the "best practice" of being at the latest patch level.

Additional Notes
Any additional information regarding these problems is included.


=============
Current pack
=============

================================================================================
Etrack Incident = ET521918

Description:
A stack-based buffer overflow vulnerability existed in the volume manager
daemon (vmd) running on NetBackup servers. If an attacker was able to
gain access to a vulnerable NetBackup server and successfully exploit this
issue, it could have led to arbitrary code execution and resulted in
unauthorized access with elevated privileges on the targeted system.

This vulnerability impacted only NetBackup server systems and did not
impact NetBackup client systems.
--------------------------------------------------------------------------------

Etrack Incident = ET538174 ET537659 ET537508 ET537534 ET537525 ET537517 ET537472
ET537554 ET537411 ET538159 ET542501 ET546266 ET564217 ET540337 ET536765

Description:
Multiple buffer overflow vulnerabilities have been identified in daemons
that run on Veritas NetBackup master, media, and client servers. An
attacker, if able to access a vulnerable Veritas NetBackup server and
successfully exploit these issues, could potentially execute arbitrary
code resulting in possible unauthorized and elevated privilege access to
the targeted system.

For more information about this vulnerability, refer to TechNote 281521 on
the Symantec Support Web site (http://support.veritas.com/docs/281521).
================================================================================



Attachments

NB_50_6S01_M_282490.rs6000.tar (11.7 MBytes)


Legacy ID



282490

