Security Pack NB_45_9S2_F.hp_ux.tar provides security-related fixes for Veritas NetBackup (tm) DataCenter / BusinesServer 4.5FP HP-UX Servers

Article:TECH47070  |  Created: 2006-01-22  |  Updated: 2013-10-23  |  Article URL http://www.symantec.com/docs/TECH47070
Article Type
Technical Solution

Issue



Security Pack NB_45_9S2_F.hp_ux.tar provides security-related fixes for Veritas NetBackup (tm) DataCenter / BusinesServer 4.5FP HP-UX Servers

Solution



NB 4.5FP_6/4.5FP_9S1443 Pack NB_45_9S2_F README March 23, 2006
Requirement: NB_45_9_F
Corequirement: NB_CLT_45_9S2_F
================================================================================
** THIS SECURITY PACK MUST BE INSTALLED OVER THE NETBACKUP 4.5FP6 PACK NB_45_9_F
FEATURE PACK. ANY ATTEMPT TO INSTALL THIS PACK OVER AN EARLIER VERSION OF
NETBACKUP 4.5 WILL RESULT IN A FAILED INSTALL. **

(Please refer to the PACK DEPENDENCIES and the RELATED DOCUMENTS sections of
this Readme for additional information that applies to this pack.)

================================================================================



=================
PACK DEPENDENCIES
=================

-- 4.5FP6 PACK NB_45_9_F must be installed prior to installing this
Security Pack.

-- 4.5FP6 PACK NB_CLT_45_9S2_F must be installed after installing this
Security Pack.

-- Installation of this Security Pack requires version 1.8.2.26 of the
Vrts_pack.install script.

-- For the latest robotics support please also download and install the
latest Mappings_4.5.<6 digit number>.tar from the Support Web site:
www.support.veritas.com.


I. DOWNLOAD INSTRUCTIONS
II. INSTALLATION INSTRUCTIONS
III. UNINSTALL INSTRUCTIONS
IV. DESCRIPTION OF PROBLEMS FIXED
Current Pack


=========================
I. DOWNLOAD INSTRUCTIONS
=========================
1) Download the NB_CLT_45_9S2_F_<6 digit number>.tar and
NB_45_9S2_F_<6 digit number>.<server>.tar files into the
/tmp directory,

where <6 digit number> is an internal tracking identifier

where <server> is alpha, hp_ux, linux, ncr, rs6000, sequent4.2, sgi, solaris

NOTE: NB_CLT_45_9S2_F_<6 digit number>.tar has the client binaries and
NB_45_9S2_F_<6 digit number>.<server>.tar has the server binaries and BOTH
must be installed.

2) Extract the NB_CLT_45_9S2_F_<6 digit number>.tar and the
NB_45_9S2_F_<6 digit number>.<server>.tar files.

    tar xvf NB_CLT_45_9S2_F_<6 digit number>.tar
    tar xvf NB_45_9S2_F_<6 digit number>.<server>.tar

NB_45_9S2_F will create the files:
VrtsNB_45_9S2_F.README
VrtsNB_45_9S2_F.<server>.tar.Z
VrtsNB_45_9S2_F.postuninstall
VrtsNB_45_9S2_F.postinstall
VrtsNB_45_9S2_F.preinstall
Vrts_pack.install

NB_CLT_45_9S2_F will create the files:
VrtsNB_CLT_45_9S2_F.README
VrtsNB_CLT_45_9S2_F.tar.Z
VrtsNB_CLT_45_9S2_F.postuninstall
VrtsNB_CLT_45_9S2_F.postinstall
VrtsNB_CLT_45_9S2_F.preinstall
Vrts_pack.install


==============================
II. INSTALLATION INSTRUCTIONS
==============================

As root on the NetBackup Master/Media Server:

1) Install NB_45_9S2_F and NB_CLT_45_9S2_F pack binaries.

cd /tmp
/bin/sh Vrts_pack.install

2) Restart daemons.

/usr/openv/netbackup/bin/initbprd
/usr/openv/volmgr/bin/ltid -v

3) Update the NetBackup clients, including the NetBackup master and media
servers, with the update_clients script.

/usr/openv/netbackup/bin/update_clients <hardware> <os>

where <hardware> <os> is one of the following:
ALPHA OSF1_V4
ALPHA OSF1_V5
DataGeneral UNIX
HP9000-700 HP-UX11.00
HP9000-800 HP-UX11.00
INTEL FreeBSD
Linux RedHat2.2
Linux RedHat2.4
MACINTOSH MacOSXS1.2
MACINTOSH MacOSX
NCR UNIX
RS6000 AIX4.3.3
RS6000 AIX5
SCO UnixWare
Sequent DYNIX420
SGI IRIX65
Solaris Solaris2.6
Solaris Solaris7
Solaris Solaris8
Solaris Solaris9
Solaris Solaris_x86_2.6
Solaris Solaris_x86_7
Solaris Solaris_x86_8

Remember to include the master server's <hardware> <os> type.

Note: The /usr/openv/netbackup/bin/update_clients command without
any parameters will update all the UNIX clients.

Note: When updating an RS6000 client, there may be circumstances
where update_clients will fail with an error similar to
this:

Couldn't open /usr/openv/lib/libVmangle.so on client
Client open errno = 26

If this happens, execute /usr/sbin/slibclean on the client
to be updated and re-run update_clients.

If the client (CLT) .Z file and README exist in the installation directory
during the installation of the server pack, the Vrts_pack.install script will
install the client pack automatically. The client pack will NOT be installed
automatically during a reinstall of the server pack.
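
The following pre-flight check is an added example, not part of the Veritas pack or its install script. It confirms that the staging directory holds every file the download section lists for both packs before Vrts_pack.install is run, since the client pack is installed automatically only when its files are present. The function name check_staging and its exit codes are assumptions made for this example; the file names are the ones given in this README.

```sh
#!/bin/sh
# Added example, not part of the Veritas pack. Checks that a staging directory
# holds every file this README says the two tar archives extract to.

# check_staging DIR SERVER   (hypothetical helper; SERVER is e.g. hp_ux)
# Prints each missing file. Returns 0 if both packs are fully staged,
# 1 if Vrts_pack.install or a server-pack file is missing,
# 2 if only client-pack files are missing (the README says the client pack
#   is installed automatically only when its .Z file and README are present).
check_staging() {
    dir=$1 server=$2 rc=0
    for f in Vrts_pack.install \
             "VrtsNB_45_9S2_F.$server.tar.Z" \
             VrtsNB_45_9S2_F.README \
             VrtsNB_45_9S2_F.preinstall \
             VrtsNB_45_9S2_F.postinstall \
             VrtsNB_45_9S2_F.postuninstall
    do
        if [ ! -f "$dir/$f" ]; then
            echo "server pack: missing $f"
            rc=1
        fi
    done
    for f in VrtsNB_CLT_45_9S2_F.tar.Z \
             VrtsNB_CLT_45_9S2_F.README \
             VrtsNB_CLT_45_9S2_F.preinstall \
             VrtsNB_CLT_45_9S2_F.postinstall \
             VrtsNB_CLT_45_9S2_F.postuninstall
    do
        if [ ! -f "$dir/$f" ]; then
            echo "client pack: missing $f"
            if [ "$rc" -eq 0 ]; then rc=2; fi
        fi
    done
    return "$rc"
}

# Constructed demo: stage only the server pack in a scratch directory, so the
# check reports the client pack files as missing.
demo=$(mktemp -d)
for f in Vrts_pack.install VrtsNB_45_9S2_F.hp_ux.tar.Z VrtsNB_45_9S2_F.README \
         VrtsNB_45_9S2_F.preinstall VrtsNB_45_9S2_F.postinstall \
         VrtsNB_45_9S2_F.postuninstall
do
    : > "$demo/$f"
done
check_staging "$demo" hp_ux || echo "check_staging exit status: $?"
rm -rf "$demo"
```

On a real server the call would be check_staging /tmp hp_ux, run after the two tar xvf commands and before /bin/sh Vrts_pack.install.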

Additional Notes:

If non-root administrators use the GUI only, the nonroot_admin
script no longer needs to be run. If the non-root administrators
use the command line or bpadm, the group and file permissions
will have to be changed manually on the NetBackup binaries.
Users can write their own script. The script is being phased
out because there is a slight security risk that non-root users
may be able to execute NetBackup commands only because those users
are part of a group that is allowed to execute NetBackup commands.


============================
III. UNINSTALL INSTRUCTIONS
============================
Note: This will ONLY uninstall the Security Pack from your local machine.

1) Close the NetBackup user interfaces.

Make sure the NetBackup server has no active jobs running (for
example, backups, restores, or duplications).

If a database agent is being used, such as Oracle,
ensure that the database services are stopped.

2) Change directory to the pack save directory.
Substitute the pack name for ${PACK} in the following command:

cd /usr/openv/pack/${PACK}/save

3) Run the un-install script:

./Vrts_pack.uninstall

4) Verify that the pack uninstalled successfully by checking
/usr/openv/pack/pack.history.

5) If update_clients was run after the pack was originally INSTALLED,
run it again after that pack is successfully UNINSTALLED.

6) If necessary, restart the NetBackup and Media Manager daemons:

    /usr/openv/netbackup/bin/goodies/netbackup start


==================================
IV. DESCRIPTION OF PROBLEMS FIXED
==================================
The following are descriptions of the problems fixed. Please read the
entire document before installing.

README Conventions:

Description
Describes a particular problem or feature contained in this Security Pack.

** Description **
Describes a problem that can lead to potential data loss. Please
read these problem descriptions carefully.

Workaround
Any available workarounds to a problem are also listed. Workarounds
can be used INSTEAD of applying the patch; however, Symantec strongly
recommends the "best practice" of being at the latest patch level.

Additional Notes
Any additional information regarding this problem is included.


=============
Current pack
=============

================================================================================
Etrack Incident = ET520523 ET529520

Description:
A stack-based buffer overflow vulnerability existed in the volume manager
daemon (vmd) running on NetBackup servers. If an attacker was able to
gain access to a vulnerable NetBackup server and successfully exploit this
issue, it could have led to arbitrary code execution and resulted in
unauthorized access with elevated privileges on the targeted system.

This vulnerability impacted only NetBackup server systems and did not
impact NetBackup client systems.
--------------------------------------------------------------------------------
Etrack Incident = ET542279 ET542261 ET542257 ET542275 ET536743 ET542255 ET542263
ET542265 ET542267 ET542269 ET542248 ET546392 ET546392 ET542499 ET542271

Description:
Multiple buffer overflow vulnerabilities have been identified in daemons
that run on Veritas NetBackup master, media, and client servers. An
attacker, if able to access a vulnerable Veritas NetBackup server and
successfully exploit these issues, could potentially execute arbitrary
code resulting in possible unauthorized and elevated privilege access to
the targeted system.

For more information relating to this vulnerability notification, refer to
TechNote 281521 on the Symantec Support web site.
================================================================================



Attachments

NB_45_9S2_F_282572.hp_ux.tar (15.1 MBytes)


Legacy ID



282572

