Veritas-bu

[Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1, 6.0)!

2005-10-12 12:56:56
Subject: [Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1, 6.0)!
From: ssesar AT mitre DOT org (Steven L. Sesar)
Date: Wed, 12 Oct 2005 12:56:56 -0400
This is a multi-part message in MIME format.
--------------050301090805000603080607
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I don't believe that you'll be able to make configuration changes via 
the GUI.

--S

Mark.Donaldson AT cexp DOT com wrote:

> What's the penalty for just disabling the port in the /etc/services or 
> /etc/inetd.conf files?
>
> -----Original Message-----
> From: Piszcz, Justin [mailto:jpiszcz AT servervault DOT com]
> Sent: 12 October 2005 12:12
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: [Veritas-bu] NetBackup (possible root) Exploit 
> (4.5,5.0,5.1,6.0)!
>  
> Better get patching! J
>  
> Dear Valued Symantec Customer,
>  
> This is to inform you that Symantec Enterprise Technical Support has
> just issued a security alert. This is a critical technical issue for:
>  
> VERITAS NetBackup (tm) DataCenter 4.5 - including all present
> Maintenance Packs and Feature Packs
>  
> VERITAS NetBackup (tm) BusinesServer 4.5 - including all present
> Maintenance Packs and Feature Packs
>  
> VERITAS NetBackup (tm) Enterprise Server 5.0, 5.1, and 6.0 - including
> all present Maintenance Packs for each version
>  
> VERITAS NetBackup (tm) Server 5.0, 5.1, and 6.0 - including all present
> Maintenance Packs for each version
>  
> For a detailed description of this issue and our recommendations, please
> review the following reference document:
>  
> http://support.veritas.com/docs/279085
>  
> This email is for the intended addressee only.
> If you have received it in error then you must not use, retain, 
> disseminate or otherwise deal with it.
> Please notify the sender by return email.
> The views of the author may not necessarily constitute the views of 
> EADS Astrium Limited.
> Nothing in this email shall bind EADS Astrium Limited in any contract 
> or obligation.
>
> EADS Astrium Limited, Registered in England and Wales No. 2449259
> Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 
> 2AS, England
>
>
> This email is for the intended addressee only.
> If you have received it in error then you must not use, retain, 
> disseminate or otherwise deal with it.
> Please notify the sender by return email.
> The views of the author may not necessarily constitute the views of 
> EADS Astrium Limited.
> Nothing in this email shall bind EADS Astrium Limited in any contract 
> or obligation.
>
> EADS Astrium Limited, Registered in England and Wales No. 2449259
> Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 
> 2AS, England
>


-- 
===================================

   Steven L. Sesar
   Senior Operating Systems Programmer/Analyst
   UNIX Application Services R101
   The MITRE Corporation
   202 Burlington Road - KS101
   Bedford, MA 01730
   tel: (781) 271-7702
   fax: (781) 271-2600
   mobile: (617) 893-9635
   email: ssesar AT mitre DOT org

=================================== 


--------------050301090805000603080607
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I don't believe that you'll be able to make configuration changes via
the GUI.<br>
<br>
--S<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Mark.Donaldson AT cexp DOT 
com">Mark.Donaldson AT cexp DOT com</a> wrote:
<blockquote
 cite="midF4D46C97ACF27843B7EF7ADE1F3D802009E3E6C8 AT 
uscobrmfa-se-39.northamerica.cexp DOT com"
 type="cite">
  <meta http-equiv="Content-Type" content="text/html; ">
  <meta name="Generator" content="MS Exchange Server version 5.5.2658.2">
  <title>RE: [Veritas-bu] NetBackup (possible root) Exploit
(4.5,5.0,5.1, 6.0)!</title>
  <p><font size="2">What's the penalty for just disabling the port in
the /etc/services or /etc/inetd.conf files?</font>
  </p>
  <p><font size="2">-----Original Message-----</font>
  <br>
  <font size="2">From: Piszcz, Justin [<a
 href="mailto:jpiszcz AT servervault DOT com">mailto:jpiszcz AT servervault DOT 
com</a>]
  </font><br>
  <font size="2">Sent: 12 October 2005 12:12</font>
  <br>
  <font size="2">To: <a class="moz-txt-link-abbreviated" 
href="mailto:veritas-bu AT mailman.eng.auburn DOT edu">veritas-bu AT 
mailman.eng.auburn DOT edu</a></font>
  <br>
  <font size="2">Subject: [Veritas-bu] NetBackup (possible root)
Exploit (4.5,5.0,5.1,6.0)!</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">Better get patching! J</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">Dear Valued Symantec Customer,</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">This is to inform you that Symantec Enterprise
Technical Support has</font>
  <br>
  <font size="2">just issued a security alert. This is a critical
technical issue for:</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">VERITAS NetBackup (tm) DataCenter 4.5 - including all
present</font>
  <br>
  <font size="2">Maintenance Packs and Feature Packs</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">VERITAS NetBackup (tm) BusinesServer 4.5 - including
all present</font>
  <br>
  <font size="2">Maintenance Packs and Feature Packs</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">VERITAS NetBackup (tm) Enterprise Server 5.0, 5.1, and
6.0 - including</font>
  <br>
  <font size="2">all present Maintenance Packs for each version</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">VERITAS NetBackup (tm) Server 5.0, 5.1, and 6.0 -
including all present</font>
  <br>
  <font size="2">Maintenance Packs for each version</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">For a detailed description of this issue and our
recommendations, please</font>
  <br>
  <font size="2">review the following reference document:</font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2"><a href="http://support.veritas.com/docs/279085";
 target="_blank">http://support.veritas.com/docs/279085</a> </font>
  <br>
  <font size="2">&nbsp;</font>
  <br>
  <font size="2">This email is for the intended addressee only.</font>
  <br>
  <font size="2">If you have received it in error then you must not
use, retain, disseminate or otherwise deal with it.</font>
  <br>
  <font size="2">Please notify the sender by return email.</font>
  <br>
  <font size="2">The views of the author may not necessarily constitute
the views of EADS Astrium Limited.</font>
  <br>
  <font size="2">Nothing in this email shall bind EADS Astrium Limited
in any contract or obligation.</font>
  </p>
  <p><font size="2">EADS Astrium Limited, Registered in England and
Wales No. 2449259</font>
  <br>
  <font size="2">Registered Office: Gunnels Wood Road, Stevenage,
Hertfordshire, SG1 2AS, England</font>
  </p>
  <br>
  <p><font size="2">This email is for the intended addressee only.</font>
  <br>
  <font size="2">If you have received it in error then you must not
use, retain, disseminate or otherwise deal with it.</font>
  <br>
  <font size="2">Please notify the sender by return email.</font>
  <br>
  <font size="2">The views of the author may not necessarily constitute
the views of EADS Astrium Limited.</font>
  <br>
  <font size="2">Nothing in this email shall bind EADS Astrium Limited
in any contract or obligation.</font>
  </p>
  <p><font size="2">EADS Astrium Limited, Registered in England and
Wales No. 2449259</font>
  <br>
  <font size="2">Registered Office: Gunnels Wood Road, Stevenage,
Hertfordshire, SG1 2AS, England</font>
  </p>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">-- 
===================================

   Steven L. Sesar
   Senior Operating Systems Programmer/Analyst
   UNIX Application Services R101
   The MITRE Corporation
   202 Burlington Road - KS101
   Bedford, MA 01730
   tel: (781) 271-7702
   fax: (781) 271-2600
   mobile: (617) 893-9635
   email: <a class="moz-txt-link-abbreviated" href="mailto:ssesar AT mitre DOT 
org">ssesar AT mitre DOT org</a>

=================================== 
</pre>
</body>
</html>

--------------050301090805000603080607--