-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                  ESB-2006.0587 -- [Win][Linux][NetWare]
  Symantec NetBackup PureDisk: Non-Privileged User Authentication Bypass
                              17 August 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Veritas NetBackup PureDisk Remote Office Edition 6.0
Publisher:            Symantec
Operating System:     Windows
                      Linux variants
                      NetWare
Impact:               Administrative Compromise
Access:               Remote/Unauthenticated

Original Bulletin:    
  http://www.symantec.com/avcenter/security/Content/2006.08.16.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Symantec Security Advisory

SYM06-015

16 August 2006 

Symantec NetBackup PureDisk: Non-Privileged User Authentication Bypass /
Elevation of Privilege

Revision History
None 

Severity
Medium (highly dependent on network configuration) 

Remote Access
Yes
Local Access
No
Authentication Required
Yes (to network) 
Exploit publicly available
No

Overview
Symantec discovered a security issue in Symantec's Veritas NetBackup 6.0
PureDisk Remote Office Edition. An unauthorized user with access to the
network and the server hosting the management interface can potentially
bypass the management interface authentication to gain access and elevate
their privileges on the system.

Supported Product(s) Affected
Product:  Symantec Veritas NetBackup PureDisk Remote Office Edition (all platforms)
Version:  6.0
Builds:   GA, MP1
Solution: NB_PDE_60_MP1_P01

NOTE: For systems running NetBackup 6.0 GA PureDisk Remote Office Edition
it will be necessary to install Maintenance Pack 1 prior to applying this
Security Pack.
This issue ONLY affects the product and versions listed above.

Details
An internal review revealed a potential elevation of privilege issue in the
Symantec Veritas NetBackup PureDisk management interface. The management
interface is accessible only through an SSL web connection by default.
However, it is possible for a non-privileged user with access to the network
and the server hosting the Symantec Veritas NetBackup PureDisk management
interface to bypass the management interface authentication and further
leverage their access to elevate privileged access on the server.

Symantec Response
Symantec engineers have addressed the issues identified above and made
security updates available.
Symantec strongly recommends all customers apply the latest security update
to protect against threats of this nature.
Symantec knows of no exploitation of or adverse customer impact from these
issues.


The patches listed above for affected products are available through the
following location:
  http://support.veritas.com/docs/284734 for Symantec Veritas NetBackup
  PureDisk Remote Office Edition.

Best Practices 
As part of normal best practices, Symantec recommends:
- Restrict access to administration or management systems to authorized
  privileged users only
- Block remote access to all ports not essential for efficient operation
- Restrict remote access, if required, to trusted/authorized systems only
- Remove/disable unnecessary accounts or restrict access according to
  security policy as required
- Run under the principle of least privilege where possible
- Keep all operating systems and applications updated with the latest
  vendor patches
- Follow a multi-layered approach to security. Run both firewall and
  antivirus applications, at a minimum, to provide multiple points of
  detection and protection to both inbound and outbound threats
- Deploy network intrusion detection systems to monitor network traffic for
  signs of anomalous or suspicious activity. This may aid in detection of
  attacks or malicious activity related to exploitation of latest
  vulnerabilities
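The first three recommendations above (restrict the management interface to
authorized administrators, block non-essential ports, allow remote access only
from trusted systems) can be checked against what a firewall or proxy actually
logged. The script below is an added example written for this bulletin; it is
not code from Symantec or AusCERT. It assumes an administrator subnet of
10.10.50.0/24, assumes the PureDisk management interface is the HTTPS service
on port 443 (the advisory only says "an SSL web connection"), and reads
constructed connection-log lines in a made-up "src= dst= dport= action="
format. It reports any management-interface connection from outside the
admin subnet and any allowed connection to a port that is not on the
essential list.

```python
"""Audit connection logs against the advisory's network best practices.

Added example, not part of the Symantec advisory or the AusCERT bulletin.
Subnets, ports and log lines are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: administrators reach the PureDisk management interface only
# from these subnets.
ADMIN_NETWORKS = [ipaddress.ip_network("10.10.50.0/24")]
# Assumption: the management interface is the HTTPS service on 443; the
# advisory says it is reachable only over an SSL web connection by default.
MANAGEMENT_PORTS = {443}
# Ports that must stay reachable; everything else should be blocked.
ESSENTIAL_PORTS = {443}


@dataclass
class Finding:
    timestamp: str
    src: str
    dport: int
    reason: str


def parse_line(line):
    """Parse one constructed log line:
    '<timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>'."""
    tokens = line.split()
    fields = dict(tok.split("=", 1) for tok in tokens[1:])
    return tokens[0], fields["src"], int(fields["dport"]), fields["action"]


def audit(lines):
    """Return a Finding for every line that violates the access policy."""
    findings = []
    for line in lines:
        ts, src, dport, action = parse_line(line)
        src_ip = ipaddress.ip_address(src)
        trusted = any(src_ip in net for net in ADMIN_NETWORKS)
        if dport in MANAGEMENT_PORTS and not trusted:
            # Management interface reached from outside the admin subnet:
            # exactly the network position the advisory describes.
            findings.append(Finding(ts, src, dport,
                                    "management interface reached from untrusted host"))
        elif dport not in ESSENTIAL_PORTS and action == "allow":
            # A non-essential port was allowed through; the advisory says
            # to block these.
            findings.append(Finding(ts, src, dport,
                                    "non-essential port reachable"))
    return findings


# Constructed sample log: one trusted admin, one untrusted host hitting the
# management port and an extra port, and one correctly denied connection.
SAMPLE_LOG = [
    "2006-08-17T09:00:01 src=10.10.50.12 dst=10.10.20.5 dport=443 action=allow",
    "2006-08-17T09:00:07 src=10.10.70.33 dst=10.10.20.5 dport=443 action=allow",
    "2006-08-17T09:00:09 src=10.10.70.33 dst=10.10.20.5 dport=8080 action=allow",
    "2006-08-17T09:00:15 src=10.10.70.40 dst=10.10.20.5 dport=8080 action=deny",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.timestamp} {f.src} -> port {f.dport}: {f.reason}")
```

Run as-is to see the two policy violations in the sample log; in practice,
replace SAMPLE_LOG with lines from the firewall in front of the management
server and adjust ADMIN_NETWORKS and the port sets to the local deployment.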

CVE 
A CVE Candidate name is being requested from the Common Vulnerabilities and
Exposures (CVE) initiative for this issue. This advisory will be revised
accordingly upon receipt of the CVE Candidate name.
This issue is a candidate for inclusion in the CVE list
(http://cve.mitre.org), which standardizes names for security problems.

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRON2CBy6+gFWHby+AQhJAwf/dXuTHhkFJ+cqnVxFiDaBdpH0zkrb0zDU
H9d6txyy7kiFa8D8Ul2bVHT0fARLmkiCzOrdkOKujV/cIgORSGm5MaghJpOnz6mB
/eM7G/iv2AWfxjHVByDrWxnDP3+MQIBCLH+oix5TthcipHLOONoEK2NowJm/idoa
rkyDIzDLbx9zzikD89BwIn2BiR0DZFm8wpF4D3X0PTQFsh/klfy39LOjQgM/HDZN
mrNL9OQyTjif+L9SkGKGHgOavTOrVwZqn52u7a2D/RHTy7iWuFNpy1Md8yLa/hZg
Yhb3CLAHwAPFHz1d86rWscsu3ERLdGaKjgxoWFlKyKSVfaXGIxxzeA==
=+N1w
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBROO7Uyh9+71yA2DNAQKvSAP/Y2+vlzkBbe2JW55PDnHj7fQ4tQqo4wCQ
6ERXIxt4iPUIxLq2Gfw+tol/kd0/JNy3+r5GVxTm9XZTouZFzELyrUXCnq9/qjMg
cH+r/wtDMXkbRnOI027lUIl147KLpBl0rybCJZDk6tcl0tzewDrNk4tLGY8eQx01
qOzjLXZvmX4=
=1hGv
-----END PGP SIGNATURE-----