
Document Audience: PUBLIC
Document ID: 200524
Old Document ID: (formerly 101886)
Title: Security Vulnerabilities in the Sun StorEdge Enterprise Backup Software
Copyright Notice: Copyright © 2008 Sun Microsystems, Inc. All Rights Reserved
Update Date: Thu Sep 01 00:00:00 MDT 2005

Solution Type: Sun Alert

Solution 200524: Security Vulnerabilities in the Sun StorEdge Enterprise Backup Software


Related Categories
  • Home > Content > Sun Alert Criteria Categories > Security
  • Home > Content > Sun Alert Release Phase > Resolved

Previously Published As
101886


Product
Sun StorageTek Enterprise Backup Software 7.2
Sun StorageTek Enterprise Backup Software 7.0
Solstice Backup 6.0
Solstice Backup 6.1
Sun StorageTek Enterprise Backup Software 7.1


Bug ID
6299292, 6299296, 6299285


Date of Workaround Release
16-AUG-2005


Date of Resolved Release
01-SEP-2005


SA Document Body

Impact

Security vulnerabilities in the Sun StorEdge Enterprise Backup Software may result in one or both of the following issues:

1. A remote unauthorized user may be able to circumvent the authentication procedure in the Sun StorEdge Enterprise Backup Software, and also the database server which forms part of the software, to gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) to the backup server. The remote user may be able to view files backed up by the software from other hosts, regardless of the permissions, and may be able to use the server to run arbitrary commands on other hosts running as backup clients.

In addition, a local unprivileged user may be able to gain elevated privileges on a system running the StorEdge Enterprise Backup Software.

This issue is referenced in the following documents:

2. A remote unauthorized user may be able to access the port mapping configuration of the Sun StorEdge Enterprise Backup server to cause a denial of backup service to the backup server or reconfigure the port mappings to achieve goals such as eavesdropping on network communication.

This issue is referenced in the following documents:


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solstice Backup (SBU) 6.0
  • Solstice Backup (SBU) 6.1
  • Sun StorEdge Enterprise Backup Software (EBS) 7.0
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 without patch 119670-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1L without patch 120649-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 32-bit version without patch 116831-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 64-bit version without patch 116832-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2L without patch 116834-01

x86 Platform

  • Solstice Backup (SBU) 6.0
  • Solstice Backup (SBU) 6.1
  • Sun StorEdge Enterprise Backup Software (EBS) 7.0
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 without patch 119671-01
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 without patch 116833-01

Symptoms

There are no reliable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 119670-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.1L with patch 120649-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 32-bit version with patch 116831-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 64-bit version with patch 116832-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2L with patch 116834-01 or later

x86 Platform

  • Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 119671-01 or later
  • Sun StorEdge Enterprise Backup Software (EBS) 7.2 with patch 116833-01 or later
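
An added example, not part of the Sun Alert: a shell check that reads `showrev -p` output and reports which of the fix patches listed above are installed at the listed revision or later. The function names and the sample `showrev -p` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): report which fix patches from the
# Resolution lists are present, at the listed revision or later, in the
# text printed by `showrev -p`.

# Minimum fixed patch revisions named in the alert (SPARC and x86).
FIXED_PATCHES="119670-01 120649-01 116831-01 116832-01 116834-01 119671-01 116833-01"

# Constructed sample of `showrev -p` output; package names are placeholders.
SAMPLE_SHOWREV='Patch: 116831-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-05 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEother'

# patch_satisfied REQUIRED SHOWREV_TEXT
# Succeeds if SHOWREV_TEXT lists the same patch base at REQUIRED's revision
# or a later one ("-02" satisfies a requirement of "-01").
# On Solaris, substitute nawk or /usr/xpg4/bin/awk: /usr/bin/awk lacks -v.
patch_satisfied() {
    printf '%s\n' "$2" | awk -v want="$1" '
        BEGIN { split(want, w, "-") }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == w[1] && p[2] + 0 >= w[2] + 0) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# ebs_fixed_patches SHOWREV_TEXT
# Prints the alert's patch requirements that the host satisfies.
# Returns 1 when none is satisfied: a host running an affected EBS release
# then still needs the patch (or, for 7.0 and earlier, an upgrade first).
ebs_fixed_patches() {
    hits=""
    for want in $FIXED_PATCHES; do
        if patch_satisfied "$want" "$1"; then
            hits="$hits $want"
        fi
    done
    [ -n "$hits" ] || return 1
    echo $hits
}

# Demonstration on the constructed sample; on a real Solaris host use:
#   ebs_fixed_patches "$(showrev -p)"
ebs_fixed_patches "$SAMPLE_SHOWREV"
```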

Note 1: Sun StorEdge Enterprise Backup Software (EBS) 7.0 and earlier will require an upgrade to a later release with the associated patches installed to address these issues.

Note 2: The patches mentioned in this Sun Alert are for Solaris SPARC and x86 platform support only. Customers with non-Solaris UNIX platforms can go to the following location for the resolution to these issues:



Modification History
Change History

Date: 17-AUG-2005
  • Updated Contributing Factors and Resolution sections

Date: 18-AUG-2005
  • Added notes to the Relief/Workaround and Resolution sections

Date: 01-SEP-2005
  • State: Resolved
  • Updated Contributing Factors and Resolution sections


Attachments
This solution has no attachment

 
 
 
 