[Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1, 6.0)!
2005-10-12 12:56:56
Subject: |
[Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1, 6.0)! |
From: |
ssesar AT mitre DOT org (Steven L. Sesar) |
Date: |
Wed, 12 Oct 2005 12:56:56 -0400 |
This is a multi-part message in MIME format.
--------------050301090805000603080607
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I don't believe that you'll be able to make configuration changes via
the GUI.
--S
Mark.Donaldson AT cexp DOT com wrote:
> What's the penalty for just disabling the port in the /etc/services or
> /etc/inetd.conf files?
>
> -----Original Message-----
> From: Piszcz, Justin [mailto:jpiszcz AT servervault DOT com]
> Sent: 12 October 2005 12:12
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: [Veritas-bu] NetBackup (possible root) Exploit
> (4.5,5.0,5.1,6.0)!
>
> Better get patching! J
>
> Dear Valued Symantec Customer,
>
> This is to inform you that Symantec Enterprise Technical Support has
> just issued a security alert. This is a critical technical issue for:
>
> VERITAS NetBackup (tm) DataCenter 4.5 - including all present
> Maintenance Packs and Feature Packs
>
> VERITAS NetBackup (tm) BusinesServer 4.5 - including all present
> Maintenance Packs and Feature Packs
>
> VERITAS NetBackup (tm) Enterprise Server 5.0, 5.1, and 6.0 - including
> all present Maintenance Packs for each version
>
> VERITAS NetBackup (tm) Server 5.0, 5.1, and 6.0 - including all present
> Maintenance Packs for each version
>
> For a detailed description of this issue and our recommendations, please
> review the following reference document:
>
> http://support.veritas.com/docs/279085
>
> This email is for the intended addressee only.
> If you have received it in error then you must not use, retain,
> disseminate or otherwise deal with it.
> Please notify the sender by return email.
> The views of the author may not necessarily constitute the views of
> EADS Astrium Limited.
> Nothing in this email shall bind EADS Astrium Limited in any contract
> or obligation.
>
> EADS Astrium Limited, Registered in England and Wales No. 2449259
> Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1
> 2AS, England
>
>
> This email is for the intended addressee only.
> If you have received it in error then you must not use, retain,
> disseminate or otherwise deal with it.
> Please notify the sender by return email.
> The views of the author may not necessarily constitute the views of
> EADS Astrium Limited.
> Nothing in this email shall bind EADS Astrium Limited in any contract
> or obligation.
>
> EADS Astrium Limited, Registered in England and Wales No. 2449259
> Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1
> 2AS, England
>
--
===================================
Steven L. Sesar
Senior Operating Systems Programmer/Analyst
UNIX Application Services R101
The MITRE Corporation
202 Burlington Road - KS101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
mobile: (617) 893-9635
email: ssesar AT mitre DOT org
===================================
--------------050301090805000603080607
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I don't believe that you'll be able to make configuration changes via
the GUI.<br>
<br>
--S<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Mark.Donaldson AT cexp DOT
com">Mark.Donaldson AT cexp DOT com</a> wrote:
<blockquote
cite="midF4D46C97ACF27843B7EF7ADE1F3D802009E3E6C8 AT
uscobrmfa-se-39.northamerica.cexp DOT com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="MS Exchange Server version 5.5.2658.2">
<title>RE: [Veritas-bu] NetBackup (possible root) Exploit
(4.5,5.0,5.1, 6.0)!</title>
<p><font size="2">What's the penalty for just disabling the port in
the /etc/services or /etc/inetd.conf files?</font>
</p>
<p><font size="2">-----Original Message-----</font>
<br>
<font size="2">From: Piszcz, Justin [<a
href="mailto:jpiszcz AT servervault DOT com">mailto:jpiszcz AT servervault DOT
com</a>]
</font><br>
<font size="2">Sent: 12 October 2005 12:12</font>
<br>
<font size="2">To: <a class="moz-txt-link-abbreviated"
href="mailto:veritas-bu AT mailman.eng.auburn DOT edu">veritas-bu AT
mailman.eng.auburn DOT edu</a></font>
<br>
<font size="2">Subject: [Veritas-bu] NetBackup (possible root)
Exploit (4.5,5.0,5.1,6.0)!</font>
<br>
<font size="2"> </font>
<br>
<font size="2">Better get patching! J</font>
<br>
<font size="2"> </font>
<br>
<font size="2">Dear Valued Symantec Customer,</font>
<br>
<font size="2"> </font>
<br>
<font size="2">This is to inform you that Symantec Enterprise
Technical Support has</font>
<br>
<font size="2">just issued a security alert. This is a critical
technical issue for:</font>
<br>
<font size="2"> </font>
<br>
<font size="2">VERITAS NetBackup (tm) DataCenter 4.5 - including all
present</font>
<br>
<font size="2">Maintenance Packs and Feature Packs</font>
<br>
<font size="2"> </font>
<br>
<font size="2">VERITAS NetBackup (tm) BusinesServer 4.5 - including
all present</font>
<br>
<font size="2">Maintenance Packs and Feature Packs</font>
<br>
<font size="2"> </font>
<br>
<font size="2">VERITAS NetBackup (tm) Enterprise Server 5.0, 5.1, and
6.0 - including</font>
<br>
<font size="2">all present Maintenance Packs for each version</font>
<br>
<font size="2"> </font>
<br>
<font size="2">VERITAS NetBackup (tm) Server 5.0, 5.1, and 6.0 -
including all present</font>
<br>
<font size="2">Maintenance Packs for each version</font>
<br>
<font size="2"> </font>
<br>
<font size="2">For a detailed description of this issue and our
recommendations, please</font>
<br>
<font size="2">review the following reference document:</font>
<br>
<font size="2"> </font>
<br>
<font size="2"><a href="http://support.veritas.com/docs/279085"
target="_blank">http://support.veritas.com/docs/279085</a> </font>
<br>
<font size="2"> </font>
<br>
<font size="2">This email is for the intended addressee only.</font>
<br>
<font size="2">If you have received it in error then you must not
use, retain, disseminate or otherwise deal with it.</font>
<br>
<font size="2">Please notify the sender by return email.</font>
<br>
<font size="2">The views of the author may not necessarily constitute
the views of EADS Astrium Limited.</font>
<br>
<font size="2">Nothing in this email shall bind EADS Astrium Limited
in any contract or obligation.</font>
</p>
<p><font size="2">EADS Astrium Limited, Registered in England and
Wales No. 2449259</font>
<br>
<font size="2">Registered Office: Gunnels Wood Road, Stevenage,
Hertfordshire, SG1 2AS, England</font>
</p>
<br>
<p><font size="2">This email is for the intended addressee only.</font>
<br>
<font size="2">If you have received it in error then you must not
use, retain, disseminate or otherwise deal with it.</font>
<br>
<font size="2">Please notify the sender by return email.</font>
<br>
<font size="2">The views of the author may not necessarily constitute
the views of EADS Astrium Limited.</font>
<br>
<font size="2">Nothing in this email shall bind EADS Astrium Limited
in any contract or obligation.</font>
</p>
<p><font size="2">EADS Astrium Limited, Registered in England and
Wales No. 2449259</font>
<br>
<font size="2">Registered Office: Gunnels Wood Road, Stevenage,
Hertfordshire, SG1 2AS, England</font>
</p>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
===================================
Steven L. Sesar
Senior Operating Systems Programmer/Analyst
UNIX Application Services R101
The MITRE Corporation
202 Burlington Road - KS101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
mobile: (617) 893-9635
email: <a class="moz-txt-link-abbreviated" href="mailto:ssesar AT mitre DOT
org">ssesar AT mitre DOT org</a>
===================================
</pre>
</body>
</html>
--------------050301090805000603080607--
|
Previous by Date: |
[Veritas-bu] Critical - Do not forget to do this when you migrate to a new machine., Piszcz, Justin |
Next by Date: |
[Veritas-bu] Storety, MCare Backup |
Previous by Thread: |
[Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1, 6.0)!, Mark.Donaldson AT cexp DOT com |
Next by Thread: |
[Veritas-bu] NetBackup (possible root) Exploit (4.5,5.0,5.1, 6.0)!, Steve Beuttel |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|