November 2005
Three Sun Microsystem Notifications
ID: 01054
Ref: 989/2005
Date: 30 November 2005:14:26:40
Version: 1
Title: Three Sun Microsystem Notifications
Abstract:
Vendors affected: Sun
Operating systems affected: Sun
Applications affected: Sun
Title
=====
Three Sun Microsystem Notifications:
1. 102054 - Security Vulnerability in Symantec/VERITAS NetBackup
2. 102017 - Security Vulnerability With Java Management Extensions in the
Java Runtime Environment may Allow Untrusted Applet to Elevate Privileges
3. 102016 - The Solaris Management Console (SMC) Enables TRACE HTTP by Default
Detail
======
1. A security vulnerability affecting the Java GUI applications "jnbSA" and
"jbpSA" within Symantec/VERITAS NetBackup may allow a remote
unprivileged user to execute arbitrary code with elevated
privileges on a targeted system.
2. A vulnerability with the Java Management Extensions (JMX)
implementation included with the Java Runtime Environment (JRE) may
allow an untrusted applet to elevate its privileges. For example an
applet may grant itself permissions to read and write local files or
execute local applications that are accessible to the user running the
untrusted applet.
3. The Solaris Management Console (smc(1M)) is a graphical user interface
that provides access to Solaris system administration tools; it
includes a web server that runs on port 898. This SMC web server
enables the HTTP TRACE method by default, which may allow a local or
remote unprivileged user to access sensitive information,
such as cookies or authentication data, contained in the HTTP headers
of an HTTP TRACE request.
1.
===========================================================================
ESB-2005.0950 -- Sun Alert Notification 102054
Security Vulnerability in Symantec/VERITAS NetBackup
30 November 2005
===========================================================================
Product: VERITAS NetBackup 6.0 and prior
Publisher: Sun Microsystems
Operating System: Windows
Solaris
UNIX variants
Linux variants
Mac OS X
Impact: Root Compromise
Administrator Compromise
Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
Ref: AL-2005.003.00
Original Bulletin: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102054-1
- - --------------------------BEGIN INCLUDED TEXT--------------------
Sun(sm) Alert Notification
* Sun Alert ID: 102054
* Synopsis: Security Vulnerability in Symantec/VERITAS NetBackup
* Category: Security
* Product: VERITAS NetBackup 6.0, VERITAS NetBackup 5.1 Software,
VERITAS NetBackup 4.5 Software, VERITAS NetBackup 3.4 Software,
VERITAS NetBackup 5.0 Software
* BugIDs: 6339204
* Avoidance: Patch, Upgrade, Workaround
* State: Resolved
* Date Released: 28-Nov-2005
* Date Closed: 28-Nov-2005
* Date Modified:
1. Impact
A security vulnerability affecting the Java GUI applications "jnbSA" and
"jbpSA" within Symantec/VERITAS NetBackup may allow a remote
unprivileged user to execute arbitrary code with elevated
privileges on a targeted system.
This issue is also described in VERITAS support document 279085:
* http://support.veritas.com/docs/279085
2. Contributing Factors
This issue can occur in the following releases:
* VERITAS NetBackup 3.4
* VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5
Maintenance Pack track without patch 119004-01
* VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5
Feature Pack track without patch 119005-01
* VERITAS NetBackup Enterprise Server and NetBackup Server 5.0
without patch 119006-01
* VERITAS NetBackup Enterprise Server and NetBackup Server 5.1
without patch 119007-01
* VERITAS NetBackup Enterprise Server and NetBackup Server 6.0
without patch 119008-01
Windows platforms running 4.5 GA, 4.5 Maintenance Pack track, or
Windows platforms running 64-bit Windows (either Maintenance Pack or
Feature Pack), are not affected by this issue.
Windows platforms with NetBackup 5.0 running 64-bit Windows are also
not affected.
3. Symptoms
There are no reliable symptoms that would indicate the described issue
has been exploited.
4. Relief/Workaround
Refer to the following VERITAS support document for instructions on
how to work around the described issue:
* http://support.veritas.com/docs/279085
5. Resolution
This issue is addressed in the following releases:
* VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5
Maintenance Pack track with patch 119004-01 or later
* VERITAS NetBackup DataCenter and NetBackup BusinesServer 4.5
Feature Pack track with patch 119005-01 or later
* VERITAS NetBackup Enterprise Server and NetBackup Server 5.0 with
patch 119006-01 or later
* VERITAS NetBackup Enterprise Server and NetBackup Server 5.1 with
patch 119007-01 or later
* VERITAS NetBackup Enterprise Server and NetBackup Server 6.0 with
patch 119008-01 or later
Notes:
1. NetBackup 3.4 will require an upgrade to a later supported version
with the appropriate patches to resolve this issue. It is recommended
to implement the workaround described above until the software is
upgraded.
2. The patches mentioned in this Sun Alert are for Solaris SPARC and
x86 platform support only. Customers with non-Solaris UNIX platforms
and other NetBackup supported platforms can go to the following
location for the resolution to this issue:
* http://seer.support.veritas.com/docs/279085.htm
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2005 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved
- - --------------------------END INCLUDED TEXT--------------------
2.
===========================================================================
ESB-2005.0951 -- Sun Alert Notification 102017
Security Vulnerability With Java Management Extensions in the Java Runtime
Environment may Allow Untrusted Applet to Elevate Privileges
30 November 2005
===========================================================================
Product: Java 2 Platform, Standard Edition
Publisher: Sun Microsystems
Operating System: Windows
UNIX variants
Linux variants
Impact: Increased Privileges
Access: Remote/Unauthenticated
Original Bulletin: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102017-1
- - --------------------------BEGIN INCLUDED TEXT--------------------
Sun(sm) Alert Notification
* Sun Alert ID: 102017
* Synopsis: Security Vulnerability With Java Management Extensions
in the Java Runtime Environment may Allow Untrusted Applet to
Elevate Privileges
* Category: Security
* Product: Java 2 Platform, Standard Edition
* BugIDs: 6268876
* Avoidance: Upgrade
* State: Resolved
* Date Released: 28-Nov-2005
* Date Closed: 28-Nov-2005
* Date Modified:
1. Impact
A vulnerability with the Java Management Extensions (JMX)
implementation included with the Java Runtime Environment (JRE) may
allow an untrusted applet to elevate its privileges. For example an
applet may grant itself permissions to read and write local files or
execute local applications that are accessible to the user running the
untrusted applet.
Sun acknowledges, with thanks, Adam Gowdiak, for bringing this issue
to our attention.
2. Contributing Factors
This issue can occur in the following releases:
Java 2 Platform Standard Edition
* JDK and JRE 5.0 Update 3 (for Windows, Solaris and Linux) or
earlier
Note: SDK and JRE 1.4.2_xx and earlier, and 1.3.1_xx and earlier are
not affected. All Java Management Extensions (JMX) reference
implementations and all releases of the Java Dynamic Management Kit
(JDMK) are not affected by this issue.
To determine the default version of the JRE on a system:
for Windows:
Click "Start"
Select "Run"
Type "cmd"
At the prompt, type "java -fullversion"
for Solaris and Linux:
% java -fullversion
java full version "1.5.0_02-b09"
Note: The above command only determines the default version. Other
versions may also be installed on the system.
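Added example (not part of the Sun alert): a Python check that parses the `java -fullversion` line shown above and classifies the JRE against this alert's ranges (1.5.0_03 and earlier affected, 1.5.0_04 or later fixed, 1.4.2_xx and 1.3.1_xx not affected). It examines only the binary it is pointed at, so run it once per installed JRE; the sample version strings in the comments are constructed.

```python
"""Classify a JRE against Sun Alert 102017 from the output of `java -fullversion`."""
import re
import subprocess
from typing import Optional, Tuple

# Sun Alert 102017: JDK/JRE 5.0 Update 3 (1.5.0_03) and earlier are affected;
# 5.0 Update 4 (1.5.0_04) or later carries the fix; 1.4.2_xx and 1.3.1_xx are
# not affected at all.
FIXED_IN = (1, 5, 0, 4)

# Matches e.g.: java full version "1.5.0_02-b09"   (update suffix and build optional)
_FULLVERSION_RE = re.compile(
    r'java full version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-[^"]*)?"'
)


def parse_full_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn 'java full version "1.5.0_02-b09"' into (1, 5, 0, 2).

    A release with no update suffix (constructed sample: "1.5.0-b64") is update 0.
    Returns None when the line is not recognised.
    """
    m = _FULLVERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def classify(text: str) -> str:
    """'affected', 'fixed', 'not-affected' (older 1.4.2/1.3.1 families) or 'unknown'."""
    v = parse_full_version(text)
    if v is None:
        return "unknown"
    if v[:3] < (1, 5, 0):
        return "not-affected"  # 1.4.2_xx and 1.3.1_xx per the alert
    return "affected" if v < FIXED_IN else "fixed"


def default_jre_version(java: str = "java") -> str:
    """Run `java -fullversion` (it writes to stderr) and return the raw line.

    Only reports the JRE reached through `java`, i.e. the default one; other
    installed JREs must be checked by passing their own `bin/java` path.
    """
    try:
        result = subprocess.run([java, "-fullversion"], capture_output=True,
                                text=True, check=False)
    except FileNotFoundError:
        return ""
    return (result.stderr or result.stdout).strip()


if __name__ == "__main__":
    line = default_jre_version()
    print(line or "(java not found on PATH)", "->", classify(line))
```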
3. Symptoms
There are no reliable symptoms that would show the described issue has
been exploited.
4. Relief/Workaround
There is no workaround. Please see Resolution section below.
5. Resolution
This issue is addressed in the following releases:
Java 2 Platform Standard Edition
* JDK and JRE 5.0 Update 4 (for Windows, Solaris, and Linux) or
later
J2SE 5.0 is available for download at the following links,
http://java.sun.com/j2se/1.5.0/download.jsp and http://java.com.
Note: It is recommended that affected versions be removed from your
system. For more information, see the installation notes on the
respective java.sun.com download pages.
- - --------------------------END INCLUDED TEXT--------------------
3.
===========================================================================
ESB-2005.0952 -- Sun Alert Notification 102016
The Solaris Management Console (SMC) Enables TRACE HTTP by Default
30 November 2005
===========================================================================
Product: Solaris 10 and prior
Publisher: Sun Microsystems
Operating System: Solaris
Platform: SPARC
IA-32
Impact: Access Privileged Data
Access: Remote/Unauthenticated
Ref: ESB-2005.0858
Original Bulletin: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102016-1
- - --------------------------BEGIN INCLUDED TEXT--------------------
Sun(sm) Alert Notification
* Sun Alert ID: 102016
* Synopsis: The Solaris Management Console (SMC) Enables TRACE HTTP
by Default
* Category: Security
* Product: Solaris 9 Operating System, Solaris 10 Operating System,
Solaris 8 Operating System
* BugIDs: 5090761
* Avoidance: Patch, Workaround
* State: Workaround
* Date Released: 26-Oct-2005
* Date Closed:
* Date Modified: 28-Nov-2005
1. Impact
The Solaris Management Console (smc(1M)) is a graphical user interface
that provides access to Solaris system administration tools; it
includes a web server that runs on port 898. This SMC web server
enables the HTTP TRACE method by default, which may allow a local or
remote unprivileged user to access sensitive information,
such as cookies or authentication data, contained in the HTTP headers
of an HTTP TRACE request.
This issue is described in the CERT Vulnerability VU#867593 (see
http://www.kb.cert.org/vuls/id/867593).
Note: The HTTP TRACE method asks a web server to echo the contents of
the request back to the client for debugging purposes. The HTTP TRACE
method is described in the HTTP 1.1 standard (RFC 2616, section 9.8).
The TRACE method is enabled by default in Solaris Management Console
(SMC) webserver.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Solaris 8
* Solaris 9 without patch 116807-02
* Solaris 10 without patch 121308-01
x86 Platform
* Solaris 8
* Solaris 9 without patch 116808-02
* Solaris 10 without patch 121309-01
The described issue only occurs if the Solaris Management Console
(smc(1M)) is running on the system.
This can be determined by running the following command as the "root"
user:
# /etc/init.d/init.wbem status
Solaris Management Console server not running on port 898
# /etc/init.d/init.wbem status
Solaris Management Console server version 2.1.0 running on port 898
3. Symptoms
There are no predictable symptoms that would indicate the described
issue has occurred.
4. Relief/Workaround
The TRACE method cannot be turned off. To work around this issue until
patches can be applied, sites may disable the Solaris Management
Console (smc(1M)) by running the following commands as the root user:
To stop the running of the smc(1M) server:
# /etc/init.d/init.wbem stop
To prevent the smc(1M) server from starting upon successive reboots:
# mv /etc/rc2.d/S90wbem /etc/rc2.d/disabled-S90wbem
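Added example (not Sun's code): a Python check a site can run against its own SMC host after applying the patch or the workaround above. It sends one TRACE request to port 898 and reports whether the server echoed it back (TRACE still enabled), rejected it, or no longer listens; the `X-Check` marker header, the default port and the sample responses in the test are assumptions constructed for this example.

```python
"""Check whether an HTTP server still honours TRACE (Sun Alert 102016, SMC web server on port 898)."""
import socket
import sys


def build_trace_request(host: str, marker: str) -> bytes:
    """Minimal HTTP/1.1 TRACE request; the constructed X-Check header lets us
    confirm that any echoed body really is our own request."""
    return (
        f"TRACE / HTTP/1.1\r\nHost: {host}\r\nX-Check: {marker}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def trace_enabled(response: bytes, marker: str) -> bool:
    """RFC 2616 section 9.8: a server that honours TRACE answers 200 and echoes
    the request as the body. Anything else (405, 501, 403, a 200 with some
    other body, or no reply at all) is treated as TRACE disabled."""
    head, _, body = response.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or parts[1] != b"200":
        return False
    return marker.encode("ascii") in body and body.lstrip().startswith(b"TRACE")


def probe(host: str, port: int = 898, timeout: float = 5.0) -> str:
    """'enabled', 'disabled', or 'unreachable' (connection refused or timed out,
    which is the expected result after `/etc/init.d/init.wbem stop`)."""
    marker = "smc-trace-check"  # constructed marker value
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_trace_request(host, marker))
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:  # covers ConnectionRefusedError and socket.timeout
        return "unreachable"
    return "enabled" if trace_enabled(b"".join(chunks), marker) else "disabled"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(f"{target}:898 TRACE -> {probe(target)}")
```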
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 9 with patch 116807-02 or later
* Solaris 10 with patch 121308-01 or later
x86 Platform
* Solaris 9 with patch 116808-02 or later
* Solaris 10 with patch 121309-01 or later
A final resolution is pending completion.
Change History
28-Nov-2005:
* Updated Contributing Factors and Resolution sections
- - --------------------------END INCLUDED TEXT--------------------