Solution Type: Sun Alert
Solution 200524 : Security Vulnerabilities in the Sun StorEdge Enterprise Backup Software

Previously Published As: 101886
Product: Sun StorageTek Enterprise Backup Software 7.2; Sun StorageTek Enterprise Backup Software 7.0; Solstice Backup 6.0; Solstice Backup 6.1; Sun StorageTek Enterprise Backup Software 7.1
Bug ID: 6299292, 6299296, 6299285
Date of Workaround Release: 16-AUG-2005
Date of Resolved Release: 01-SEP-2005

SA Document Body
30GDUTB Internal ID use only.

Impact
Security vulnerabilities in the Sun StorEdge Enterprise Backup Software may result in one or both of the following issues:

1. A remote unauthorized user may be able to circumvent the authentication procedure in the Sun StorEdge Enterprise Backup Software, and also the database server which forms part of the software, to gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) to the backup server. The remote user may be able to view files backed up by the software from other hosts, regardless of the permissions, and may be able to use the server to run arbitrary commands on other hosts running as backup clients. In addition, a local unprivileged user may be able to gain elevated privileges on a system running the StorEdge Enterprise Backup Software. This issue is referenced in the following documents:
2. A remote unauthorized user may be able to access the port mapping configuration of the Sun StorEdge Enterprise Backup server to cause a denial of backup service to the backup server or reconfigure the port mappings to achieve goals such as eavesdropping on network communication. This issue is referenced in the following documents:

Contributing Factors
This issue can occur in the following releases:

SPARC Platform
x86 Platform

Symptoms
There are no reliable symptoms that would indicate the described issues have been exploited.

Workaround
There is no workaround. Please see the "Resolution" section below.

Resolution
This issue is addressed in the following releases:

SPARC Platform
x86 Platform

Note 1: Sun StorEdge Enterprise Backup Software (EBS) 7.0 and earlier will require an upgrade to a later release with the associated patches installed to address these issues.

Note 2: The patches mentioned in this Sun Alert are for Solaris SPARC and x86 platform support only. Customers with non-Solaris UNIX platforms can go to the following location for the resolution to these issues:

Modification History
FKM9DT5 Internal ID use only.
Date: 17-AUG-2005
Change History
Date: 18-AUG-2005
Date: 01-SEP-2005

Attachments
This solution has no attachment