Security Advisory SYM09-017 Backup Exec Continuous Protection Server (CPS) patches for Symantec Veritas VRTSweb component

Article:TECH77352  |  Created: 2009-01-27  |  Updated: 2012-09-21  |  Article URL http://www.symantec.com/docs/TECH77352
Article Type: Technical Solution

Solution

Introduction
Symantec VRTSweb, a shared component shipped with many Symantec Veritas products, is susceptible to a remote code-execution vulnerability. This vulnerability is caused by the improper validation of incoming data over port 14300.

This alert is being issued in conjunction with a Security Advisory, which is available at the following location:   http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091209_00 

What is Affected:
Backup Exec Continuous Protection Server (CPS) 11d
Backup Exec Continuous Protection Server (CPS) 12.0
Backup Exec Continuous Protection Server (CPS) 12.5

How to Determine if Affected:
This issue affects servers running CPS 11d, 12.0 or 12.5 together with the Symantec Veritas VRTSweb component. A CPS server with this component installed shows a "Symantec Web Server Service" entry in the Services console.

Formal Resolution:
This issue is formally resolved in the following hotfixes:
Backup Exec Continuous Protection Server (CPS) 11d:
http://support.veritas.com/docs/337863
Backup Exec Continuous Protection Server (CPS) 12.0:
http://support.veritas.com/docs/337866
Backup Exec Continuous Protection Server (CPS) 12.5:
http://support.veritas.com/docs/337867

To resolve this issue, apply the respective patch for your environment. If the hotfix cannot be applied at this time, Symantec strongly recommends implementing the Workaround listed in the next section until the patch can be applied to the environment.

Mitigations/Workarounds

- Block all incoming requests on the default port 14300 (or the port that has been configured), except those originating from localhost/127.0.0.1, to reduce the risk associated with this vulnerability until the recommended fix is applied.

(or)

- Shut down VRTSweb (which disables the web-UI functionality that depends on it) using the following commands:
    UNIX/Linux:  /opt/VRTSweb/bin/webgui stop
    Windows (from the command shell):  service vrtsweb stop
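The port-blocking workaround above, rendered as an added example for a Linux host using iptables (this is not part of the advisory or of the VRTSweb product). It assumes POSIX sh and an iptables build that supports -C for rule checks; the port is a parameter because the advisory notes it may differ from the default 14300, and IPTABLES can be pointed at a wrapper that only echoes its arguments to preview the commands.

```shell
#!/bin/sh
# Added example (not from the advisory): Linux/iptables form of the
# "block port 14300 except localhost" workaround. Assumes POSIX sh and
# iptables with -C (rule check) support; run as root to apply for real.

# Accept only an integer TCP port in 1..65535, so a typo cannot turn
# into a rule on the wrong port or a silent no-op.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Insert the rules idempotently (-C succeeds when the rule already
# exists, so nothing is added twice). Both rules are inserted at
# position 1 of INPUT, so the catch-all DROP goes in first and the
# loopback ACCEPT lands above it; the order matters, otherwise local
# clients of the web UI would be cut off too. IPTABLES may be set to
# any command or shell function, e.g. one that echoes, for a dry run.
apply_vrtsweb_block() {
    port="${1:-14300}"            # advisory default; pass the configured port if changed
    ipt="${IPTABLES:-iptables}"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    drop_rule="INPUT -p tcp --dport $port -j DROP"
    lo_rule="INPUT -i lo -p tcp --dport $port -j ACCEPT"
    # shellcheck disable=SC2086  # rule strings are intentionally word-split
    $ipt -C $drop_rule 2>/dev/null || $ipt -I $drop_rule || return 1
    $ipt -C $lo_rule   2>/dev/null || $ipt -I $lo_rule   || return 1
}
```

Call `apply_vrtsweb_block 14300` (or the configured port) as root; to preview, define a function such as `preview() { [ "$1" = -C ] && return 1; echo iptables "$@"; }` and run `IPTABLES=preview apply_vrtsweb_block 14300`.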


Best Practices:
Symantec strongly recommends the following best practices:
1. Always perform a full backup prior to and after any changes to your environment.
2. Always make sure that your environment is running the latest version and patch level.
3. Perform periodic "test" restores.
4. Subscribe to technical articles.

How to Subscribe to Email Notification:
Article Subscription:
Subscribe to this TechNote for any updates that are made to this article, by clicking on the following link:   http://maillist.support.veritas.com/notification.asp?doc=337859 

Software Alerts:
If you have not received this from the Symantec Technical Support Email Notification Service, please click on the following link to subscribe to future Notifications:
http://maillist.entsupport.symantec.com/subscribe.asp




Supplemental Materials

Value 1792981: Update CPS VRTSweb to latest version (PST09-038)
Value 1792982: Update CPS VRTSweb to latest version (PST09-038)
Value 1792986: Update CPS VRTSweb to latest version (PST09-038)


Legacy ID: 337859