---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Symantec Veritas NetBackup Multiple Vulnerabilities SECUNIA ADVISORY ID: SA32026 VERIFY ADVISORY: http://secunia.com/advisories/32026/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data, System access WHERE: >From remote SOFTWARE: VERITAS NetBackup Enterprise Server 6.x http://secunia.com/advisories/product/5850/ VERITAS NetBackup Enterprise Server 5.x http://secunia.com/advisories/product/4121/ VERITAS NetBackup Server 5.x http://secunia.com/advisories/product/4122/ VERITAS NetBackup Server 6.x http://secunia.com/advisories/product/5851/ DESCRIPTION: Some vulnerabilities have been reported in Symantec Veritas NetBackup, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to overwrite arbitrary files or compromise a vulnerable system. 1) An unspecified error in the JAVA Administration GUI (jnbSA) can be exploited to execute restricted commands with escalated privileges. Successful exploitation requires a valid user account and GUI access. 2) Multiple vulnerabilities are caused due to an insecure method and various boundary errors present in the PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control. For more information: SA27885 The vulnerabilities are reported in Symantec Veritas NetBackup Server and Symantec Veritas NetBackup Enterprise Server versions 5.1, 6.0, and 6.5. SOLUTION: Update to a fixed version. Symantec Veritas NetBackup Server/Enterprise Server 5.1: Update to version 5.1MP7. http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER30455 Symantec Veritas NetBackup Server/Enterprise Server 6.0: Update to version 6.0MP7. http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER32168 Symantec Veritas NetBackup Server/Enterprise Server 6.5: Update to version 6.5.2. http://www.symantec.com/business/support/downloads.jsp?pid=15143&version=NBUESVRPVER31008 PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Kyle Noonan of Sun Microsystems. 2) JJ Reyes, Secunia Research ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2008.09.24a.html http://seer.support.veritas.com/docs/308669.htm OTHER REFERENCES: SA27885: http://secunia.com/advisories/27885/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------