Security Advisory SYM09-017 CommandCentral Storage 4.x, 5.0 and 5.1 and CommandCentral Enterprise Reporter 5.0, 5.0 MP1, 5.0 MP1RP1, and 5.1 resolutions for VRTSweb component
Article: TECH76870 | Created: 2009-01-16 | Updated: 2012-02-06 | Article URL: http://www.symantec.com/docs/TECH76870
Solution
Problem description
Symantec VRTSweb, a shared component shipped with many Symantec Veritas products, is susceptible to a remote code-execution vulnerability. This vulnerability is caused by the improper validation of incoming data over port 14300.
This alert is being issued in conjunction with a Security Advisory, whose details are given at the following location: http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=security_advisory
| Vulnerability Type | Affected |
|---|---|
| Remote Access (Adjacent network) | Yes |
| Local Access | No |
| Authentication Required | No |
| Exploit publicly available | No |
Affected Versions:
- CommandCentral Storage 4.x, 5.0, and 5.1
- CommandCentral Storage Change Manager 5.0 and 5.1
- CommandCentral Enterprise Reporter 5.0, 5.0 MP1, 5.0 MP1RP1, and 5.1
Solution:
This issue is resolved in CommandCentral Storage 5.1.1 and CommandCentral Storage Change Manager 5.1.1. To download version 5.1.1, go to http://fileconnect.symantec.com.
If it is not possible to upgrade to 5.1.1 at this time, Symantec recommends implementing the Workaround listed in the next section.
For CommandCentral Enterprise Reporter, this issue is slated for resolution in the upcoming 5.2 version. Symantec strongly recommends applying the workaround listed in the next section until the formal resolution to this issue is available.
Mitigation / Workaround:
Block all incoming requests to the default port 14300 (or whichever port has been configured for VRTSweb) except those originating from localhost/127.0.0.1. This reduces the risk associated with this vulnerability until the recommended fix is applied.
or
Shut down VRTSweb, which will disable the web-UI functionality that depends on it. To shut down VRTSweb:
- UNIX/Linux: run the following command as root (the # is the root prompt):
  # /opt/VRTSweb/bin/webgui stop
- Windows: use the Windows service manager to stop the "Symantec Web Service" service.
NOTE: You will not be able to log in to the CommandCentral management console while the Web service is disabled.
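The port-restriction workaround above, written out as an added example for a Linux host (this script is not part of the Symantec advisory; it assumes iptables is available, uses a chain name VRTSWEB of our own choosing, and takes the VRTSweb port as an argument so a non-default port can be passed):

```shell
#!/bin/sh
# Added example, not from the advisory: allow the VRTSweb port only from
# localhost by routing traffic for that port through a dedicated iptables chain.
# Assumes Linux with iptables (-C requires iptables 1.4.11 or later).
# With DRY_RUN=1 the commands are printed, not executed, so the rule set
# can be reviewed before it is applied to a production host.

# Accept a port argument only if it is a valid TCP port (1-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands that restrict port $1 (default 14300) to loopback.
vrtsweb_rules() {
    port="${1:-14300}"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    cat <<EOF
iptables -N VRTSWEB 2>/dev/null || iptables -F VRTSWEB
iptables -A VRTSWEB -i lo -j ACCEPT
iptables -A VRTSWEB -s 127.0.0.1 -j ACCEPT
iptables -A VRTSWEB -j DROP
iptables -C INPUT -p tcp --dport $port -j VRTSWEB 2>/dev/null || iptables -I INPUT 1 -p tcp --dport $port -j VRTSWEB
EOF
}

# Apply the rules, or print them when DRY_RUN=1. Re-running is safe: the chain
# is flushed and rebuilt, and the INPUT jump is added only if not already present.
apply_vrtsweb_rules() {
    rules=$(vrtsweb_rules "$1") || return 1
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$rules"
    else
        printf '%s\n' "$rules" | sh -e
    fi
}
```

Review the printed rules with DRY_RUN=1 first; the jump is inserted at position 1 of INPUT so an earlier broad ACCEPT rule cannot bypass it.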
Best Practices:
Symantec strongly recommends the following best practices:
1. Always perform a full backup prior to and after any changes to your environment.
2. Always make sure that your environment is running the latest version and patch level.
3. Perform periodic "test" restores.
4. Subscribe to technical articles.
How to Subscribe to Email Notification:
Article Subscription:
Subscribe to this TechNote to receive any updates made to this article by clicking on the following link: http://maillist.support.veritas.com/notification.asp?doc=337293
Software Alerts:
To subscribe to the Symantec Technical Support Email Notification Service, please click on the following link to subscribe to future Notifications:
http://maillist.entsupport.symantec.com/subscribe.asp
Legacy ID: 337293