VERITAS NetBackup: Java User-Interface, format string vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This advisory is available from:
http://www.symantec.com/avcenter/security/Content/2005.10.12.html
Symantec Security Advisory
SYM05-018
12 Oct, 2005
VERITAS NetBackup: Java User-Interface, format string vulnerability
Revision History
None
Severity
HIGH
Remote Access Yes
Local Access Yes
Authentication Required No
Exploit publicly Available No
Overview
The remote exploitation of a format string overflow vulnerability in the
Java user-interface authentication service, bpjava-msvc, running on VERITAS
NetBackup servers and agents, could potentially allow remote attackers to
execute arbitrary code on a targeted system with elevated privileges.
Affected Product(s)
Product Version Build Platform Solution
VERITAS NetBackup Data and Business Center 4.5FP All All
NB_45_9S1443_F
VERITAS NetBackup Data and Business Center 4.5MP All All
NB_45_9S1729_M
VERITAS NetBackup Enterprise/Server/Client 5.0 All All
NB_50_5S1320_M
VERITAS NetBackup Enterprise/Server/Client 5.1 All All
NB_51_3AS0949_M
VERITAS NetBackup Enterprise/Server/Client 6.0 All All
NB_60_3S0007_M
Details
TippingPoint, a division of 3Com, notified Symantec of a format string
overflow vulnerability in VERITAS NetBackup that could potentially allow a
remote attacker to execute arbitrary code. The vulnerability exists in the
authentication service, bpjava-msvc daemon, in the Java user-interface. If
a remote attacker were able to access the service and successfully exploit
this vulnerability, they could potentially execute arbitrary code with the
privileges of the bpjava-msvc daemon, normally root or SYSTEM, on the
targeted system.
Symantec Response
Symantec Engineers have verified this issue and made security updates
available for the supported VERITAS NetBackup products. Symantec strongly
recommends all customers immediately apply the latest updates for their
supported product versions to protect against these types of threats.
The patches listed above for NetBackup DataCenter and NetBackup
BusinessServer 4.5 and for NetBackup Enterprise Server and NetBackup
Server 5.0, 5.1, and 6.0 are available from the following location:
http://support.veritas.com/docs/279085
NOTE: In a recommended installation, VERITAS NetBackup should be
restricted to trusted access only. The VERITAS NetBackup Server or clients
should never be visible external to the network which greatly reduces
opportunities for unauthorized access.
Symantec is unaware of any exploit of or adverse customer impact from this
issue.
Symantec Security Response has released IPS/IDS signatures to detect and
prevent attempts to exploit this issue.
Symantec ManHunt 3.0 signatures are available for update from the Symantec
Security Response Update Center at:
http://securityresponse.symantec.com/avcenter/security/Content/Product/Prod
uct_MH.html
Symantec Network Security Appliance 7100 signatures are available for
update from the Symantec Security Response Update Center at:
http://securityresponse.symantec.com/avcenter/security/Content/Product/Prod
uct_SNS.html
Symantec Gateway Security 3.0 signatures are available for update from the
Symantec Security Response Update Center at:
http://securityresponse.symantec.com/avcenter/security/Content/Product/Prod
uct_SGS.html
Symantec Client Security 2.0 and 3.0 signatures are available for update
via LiveUpdate and from the Security Response Update Center at:
http://www.symantec.com/avcenter/security/Content/Product/Product_SCS.html
Customers using Symantec Client Security 2.0 and 3.0 should have already
uploaded this signature if they run LiveUpdate regularly. If not, Symantec
recommends customers manually run Symantec LiveUpdate to ensure they have
the most current protection.
As part of normal best practices, Symantec strongly recommends:
· Restricting access to administration or management systems to privileged
users.
· Restricting remote access, if required, to trusted/authorized systems
only.
· Running under the principle of least privilege where possible to limit
the impact of exploit by threats such as this.
· Keeping all operating systems and applications updated with the latest
vendor patches.
· Following a multi-layered approach to security. Run both firewall and
antivirus applications, at a minimum, to provide multiple points of
detection and protection to both inbound and outbound threats.
· Deploying network intrusion detection systems to monitor network traffic
for signs of anomalous or suspicious activity. This may aid in detection of
attacks or malicious activity related to exploitation of latent
vulnerabilities
CVE
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE
Candidate CAN-2005-2715 to this issue.
This issue is a candidate for inclusion in the CVE list
(http://cve.mitre.org), which standardizes names for security problems.
Credit:
Symantec would like to thank TippingPoint Research, a division of 3Com, for
reporting this issue and for providing coordination while Symantec resolved
it. This vulnerability was discovered by Kevin Finisterre and JohnH.
Symantec takes the security and proper functionality of its products very
seriously. As founding members of the Organization for Internet Safety
(OISafety), Symantec follows the principles of responsible disclosure.
Symantec also subscribes to the vulnerability guidelines outlined by the
National Infrastructure Advisory Council (NIAC). Please contact
secure@xxxxxxxxxxxx if you feel you have discovered a potential or actual
security issue with a Symantec product. A Symantec Product Security team
member will contact you regarding your submission.
Symantec has developed a Product Vulnerability Handling Process document
outlining the process we follow in addressing suspected vulnerabilities in
our products. We support responsible disclosure of all vulnerability
information in a timely manner to protect Symantec customers and the
security of the Internet as a result of vulnerability. This document is
available from the location provided below.
Symantec strongly recommends using encrypted email for reporting
vulnerability information to secure@xxxxxxxxxxxxx The Symantec Product
Security PGP key can be obtained from http://www.symantec.com/security/
Copyright (c) 2005 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as
it is not edited in any way unless authorized by Symantec Security
Response. Reprinting the whole or part of this alert in any medium other
than electronically requires permission from secure@xxxxxxxxxxxxx
Disclaimer
The information in the advisory is believed to be accurate at the time of
publishing based on currently available information. Use of the information
constitutes acceptance for use in an AS IS condition. There are no
warranties with regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect, or consequential
loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and SymSecurity
are registered trademarks of Symantec Corp. and/or affiliated companies in
the United States and other countries. All other registered and
unregistered trademarks represented in this document are the sole property
of their respective companies/owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)
iQA/AwUBQ01z25IF/uvuJQrOEQK2vQCeLMMn0+gOLRcm/dx0tXiTt5orFYcAoIoJ
7Ft65GHM4hyXh/7MSLDVqMfA
=FM23
-----END PGP SIGNATURE-----