Veritas-bu

[Veritas-bu] qualys vulnerability

2007-02-28 16:02:05
Subject: [Veritas-bu] qualys vulnerability
From: StumpB at michigan.gov (Bob Stump)
Date: Wed, 28 Feb 2007 16:02:05 -0500
They are unable to exploit it.
The special patch and/or subsequent MPs resolve the problem.
The problem is the software does not acknowledge that the resolution
has been accomplished.
 


>>> "Martin, Jonathan (Contractor)" <JMARTI05 at intersil.com> 2/28/2007 1:54 PM >>>

Is the software saying the problem still exists because it doesn't see
the new NBU version, or because it is exploiting the code vulnerability?
 
 
Call me crazy but..... If their software says you have a problem, but
can't prove it, then short of running the exploit yourself (which IMO is
a major waste of time) the NBU documentation should suffice.  If
their software is in fact exploiting that problem and you are running a
future release, then someone needs to inform Symantec.  I find the latter
unlikely... 
 
Stupid politics...
 
-Jonathan

From: veritas-bu-bounces at mailman.eng.auburn.edu
[mailto:veritas-bu-bounces at mailman.eng.auburn.edu] On Behalf Of Bob Stump
Sent: Wednesday, February 28, 2007 1:14 PM
To: veritas-bu at mailman.eng.auburn.edu
Subject: [Veritas-bu] qualys vulnerability

There is scanning software provided by "Qualys" that has a problem,
but they REFUSE to fix their scanning software. The scanning software
reports the vulnerability discussed in this notice but fails to report
that the proper MP was applied to resolve the vulnerability. This is
what our security group calls a "false positive".  They then require
that paperwork be submitted to negate the "false positive".  I think
the scanning software should be fixed to NOT report a vulnerability if
the proper resolution has already been applied. Am I wrong?
 
Here is the initial Symantec resolution:
A vulnerability has recently been discovered, which affects the
bpjava-msvc logon process within VERITAS NetBackup (tm) 4.5, 5.0, 5.1,
and 6.0 (including maintenance and feature packs). This vulnerability
could potentially allow remote malicious users to execute arbitrary
code.
http://support.veritas.com/docs/279085
 
The above resolution IS INCLUDED in subsequent maintenance packs.
 
BTW: I asked our security group to contact the source and get it fixed,
but they said they had no confidence that the resolution from Symantec
is adequate.
Here is their website:
http://www.qualys.com/products/overview/

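As an added illustration (not code from the thread, from Qualys or from Symantec) of the false positive Bob describes: a banner-only check that flags every affected base release, beside a patch-level-aware check that also consumes the maintenance pack level. The fixed-in MP numbers, the "6.0 MP4" version-string format and the sample banners are constructed placeholders, since the notice quoted above gives none of them, and the separate "special patch" case is left out.

```python
import re
from typing import NamedTuple, Optional


class NbuVersion(NamedTuple):
    base: str   # base release, e.g. "6.0"
    mp: int     # maintenance pack level, 0 when none is reported


# ASSUMED fixed-in levels (placeholders for illustration, not Symantec's
# real numbers): the first maintenance pack of each affected base release
# that carries the bpjava-msvc fix. In practice, load this from the notice.
FIXED_IN_MP = {"4.5": 9, "5.0": 7, "5.1": 5, "6.0": 4}

# Assumed banner format: "<major>.<minor>" optionally followed by "MP<n>".
VERSION_RE = re.compile(r"^(\d+\.\d+)(?:\s*MP(\d+))?$", re.IGNORECASE)


def parse_version(banner: str) -> Optional[NbuVersion]:
    """Parse strings such as '6.0' or '6.0 MP4' as reported by a host."""
    m = VERSION_RE.match(banner.strip())
    if not m:
        return None
    return NbuVersion(m.group(1), int(m.group(2) or 0))


def naive_is_vulnerable(banner: str) -> bool:
    """Banner-only logic: any affected base release is flagged, MP ignored.
    This is the behaviour that produces the false positive in the thread."""
    v = parse_version(banner)
    return v is not None and v.base in FIXED_IN_MP


def patch_aware_is_vulnerable(banner: str) -> Optional[bool]:
    """Flag only hosts whose MP level is below the fixed-in level.
    Returns None when the banner cannot be parsed (unknown, not 'safe')."""
    v = parse_version(banner)
    if v is None:
        return None
    fixed = FIXED_IN_MP.get(v.base)
    if fixed is None:
        return False    # release not listed as affected
    return v.mp < fixed


def compare(banners):
    """Return (banner, naive verdict, patch-aware verdict) for each host."""
    return [(b, naive_is_vulnerable(b), patch_aware_is_vulnerable(b)) for b in banners]


if __name__ == "__main__":
    # Constructed sample banners, not real hosts.
    for row in compare(["6.0", "6.0 MP4", "5.1 MP2", "6.5", "garbage"]):
        print(row)
```

A host reporting "6.0 MP4" is flagged by the naive check but cleared by the patch-aware one, which is exactly the discrepancy the paperwork in the thread exists to paper over.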