Veritas-bu

[Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1,6.0)!

2005-10-12 07:34:32
Subject: [Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1,6.0)!
From: jpiszcz AT servervault DOT com (Piszcz, Justin)
Date: Wed, 12 Oct 2005 07:34:32 -0400
This is a multi-part message in MIME format.

------_=_NextPart_001_01C5CF20.EA998D50
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

What if a client you backup is on a public network and is compromised?

=20

Justin.

=20

________________________________

From: WEAVER, Simon [mailto:simon.weaver AT astrium.eads DOT net]=20
Sent: Wednesday, October 12, 2005 7:29 AM
To: Piszcz, Justin; veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] NetBackup (possible root) Exploit
(4.5,5.0,5.1,6.0)!

=20

The Netbackup Servers here are in restricted Networks and not exposed!
So I might just pass on this! for the mo....! :-)

=20

=20

Simon Weaver=20
Technical Support=20
Windows Domain Administrator=20

EADS Astrium=20
Tel: 02392-705354=20

Email: Simon.Weaver AT Astrium.eads DOT net=20

        -----Original Message-----
        From: Piszcz, Justin [mailto:jpiszcz AT servervault DOT com]=20
        Sent: 12 October 2005 12:12
        To: veritas-bu AT mailman.eng.auburn DOT edu
        Subject: [Veritas-bu] NetBackup (possible root) Exploit
(4.5,5.0,5.1,6.0)!

        =20

        Better get patching! :-)

        =20

        Dear Valued Symantec Customer,

        =20

        This is to inform you that Symantec Enterprise Technical Support
has

        just issued a security alert. This is a critical technical issue
for:

        =20

        VERITAS NetBackup (tm) DataCenter 4.5 - including all present

        Maintenance Packs and Feature Packs

        =20

        VERITAS NetBackup (tm) BusinesServer 4.5 - including all present

        Maintenance Packs and Feature Packs

        =20

        VERITAS NetBackup (tm) Enterprise Server 5.0, 5.1, and 6.0 -
including

        all present Maintenance Packs for each version

        =20

        VERITAS NetBackup (tm) Server 5.0, 5.1, and 6.0 - including all
present

        Maintenance Packs for each version

        =20

        For a detailed description of this issue and our
recommendations, please

        review the following reference document:

        =20

        http://support.veritas.com/docs/279085=20

        =20

This email is for the intended addressee only.
If you have received it in error then you must not use, retain,
disseminate or otherwise deal with it.
Please notify the sender by return email.
The views of the author may not necessarily constitute the views of EADS
Astrium Limited.
Nothing in this email shall bind EADS Astrium Limited in any contract or
obligation.

EADS Astrium Limited, Registered in England and Wales No. 2449259
Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS,
England
=09

------_=_NextPart_001_01C5CF20.EA998D50
Content-Type: text/html;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40";>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>Message</title>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"City"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:Arial;
        color:windowtext;}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>What if a client you backup is on a =
public
network and is compromised?<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Justin.<o:p></o:p></span></font></p>=


<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> =
WEAVER, Simon
[mailto:simon.weaver AT astrium.eads DOT net] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Wednesday, October =
12, 2005
7:29 AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> Piszcz, Justin;
veritas-bu AT mailman.eng.auburn DOT edu<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: [Veritas-bu]
NetBackup (possible root) Exploit =
(4.5,5.0,5.1,6.0)!</span></font><o:p></o:p></p>

</div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<div>

<p class=3DMsoNormal><font size=3D2 color=3Dblue face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:blue'>The Netbackup Servers here are in
restricted Networks and not exposed! So I might just pass on this! for =
the
mo....! :-)</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<p><b><font size=3D2 color=3Dblue face=3DArial><span lang=3DEN-GB =
style=3D'font-size:
10.0pt;font-family:Arial;color:blue;font-weight:bold'>Simon =
Weaver</span></font></b>
<br>
<b><font size=3D2 color=3Dblue face=3DArial><span lang=3DEN-GB =
style=3D'font-size:10.0pt;
font-family:Arial;color:blue;font-weight:bold'>Technical =
Support</span></font></b>
<br>
<b><font size=3D2 color=3Dblue face=3DArial><span lang=3DEN-GB =
style=3D'font-size:10.0pt;
font-family:Arial;color:blue;font-weight:bold'>Windows Domain =
Administrator</span></font></b><span
lang=3DEN-GB> </span><o:p></o:p></p>

<p><b><i><font size=3D2 face=3DArial><span lang=3DEN-GB =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold;font-style:italic'>EADS =
Astrium</span></font></i></b>
<br>
<b><i><font size=3D2 face=3DArial><span lang=3DEN-GB =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold;font-style:italic'>Tel: =
02392-705354</span></font></i></b><span
lang=3DEN-GB> </span><o:p></o:p></p>

<p><b><font size=3D2 color=3Dred face=3DArial><span lang=3DEN-GB =
style=3D'font-size:10.0pt;
font-family:Arial;color:red;font-weight:bold'>Email: =
Simon.Weaver AT Astrium.eads DOT net</span></font></b><span
lang=3DEN-GB> </span><o:p></o:p></p>

<blockquote =
style=3D'margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Piszcz, Justin
[mailto:jpiszcz AT servervault DOT com] <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> 12 October 2005 =
12:12<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
veritas-bu AT mailman.eng.auburn DOT edu<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> [Veritas-bu] =
NetBackup
(possible root) Exploit (4.5,5.0,5.1,6.0)!</span></font><o:p></o:p></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Better get patching! </span></font><font size=3D2
face=3DWingdings><span =
style=3D'font-size:10.0pt;font-family:Wingdings'>J</span></font><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p=
>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>Dear Valued Symantec =
Customer,<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>This is to inform you that Symantec =
Enterprise
Technical Support has<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>just issued a security alert. This is a =
critical
technical issue for:<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>VERITAS NetBackup (tm) DataCenter 4.5 - =
including
all present<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>Maintenance Packs and Feature =
Packs<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>VERITAS NetBackup (tm) BusinesServer 4.5 - =
including
all present<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>Maintenance Packs and Feature =
Packs<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>VERITAS NetBackup (tm) <st1:place =
w:st=3D"on"><st1:City
 w:st=3D"on">Enterprise</st1:City></st1:place> Server 5.0, 5.1, and 6.0 =
-
including<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>all present Maintenance Packs for each =
version<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>VERITAS NetBackup (tm) Server 5.0, 5.1, and =
6.0 -
including all present<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>Maintenance Packs for each =
version<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>For a detailed description of this issue and =
our
recommendations, please<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'>review the following reference =
document:<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;
font-family:"Courier New"'><a =
href=3D"http://support.veritas.com/docs/279085";>http://support.veritas.co=
m/docs/279085</a>
<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

</blockquote>

</div>

</body>

</html>
<table><tr><td bgcolor=3D#ffffff><font color=3D#000000>This email is for =
the intended addressee only.<br>
If you have received it in error then you must not use, retain, =
disseminate or otherwise deal with it.<br>
Please notify the sender by return email.<br>
The views of the author may not necessarily constitute the views of EADS =
Astrium Limited.<br>
Nothing in this email shall bind EADS Astrium Limited in any contract or =
obligation.<br>
<br>
EADS Astrium Limited, Registered in England and Wales No. 2449259<br>
Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, =
England<br>
</font></td></tr></table>
------_=_NextPart_001_01C5CF20.EA998D50--

<Prev in Thread] Current Thread [Next in Thread>