Patch-ID# 119670-01 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: sun storedge enterprise backup software 7.1 su3 ebs networker 7.1.3 32-bit security Synopsis: Sun StorEdge EBS 7.1: Product Patch Date: Aug/16/2005 Install Requirements: NA Solaris Release: 7 8 9 SunOS Release: 5.7 5.8 5.9 Unbundled Product: StorEdge Enterprise Backup EBS Unbundled Release: 7.1 Xref: Topic: Sun StorEdge EBS 7.1: 32-bit Product Patch Relevant Architectures: sparc BugId's fixed with this patch: 6250875 6257097 6273909 6279555 6299285 6299292 6299296 Changes incorporated in this version: 6299296 6299292 6299285 Patches accumulated and obsoleted by this patch: 116835-02 119669-01 Patches which conflict with this patch: Patches required with this patch: 116826-05 (or greater) Obsoleted by: Files included with this patch: /sbin/nsr/ansrd /sbin/nsr/nsrclone /sbin/nsr/nsrd /sbin/nsr/nsrexecd /sbin/nsr/nsrmmd /sbin/nsr/nsrstage /sbin/nsr/scanner /sbin/nsr/tapeexercise Problem Description: 6299296 EBS portmapper allows remote calls to pmap_set and pmap_unset 6299292 The EBS Database server's authentication scheme can be circumvented 6299285 EBS' AUTH_UNIX authentication scheme can be circumvented (from 119669-01) 6273909 failures with NetWare recovers, cloning and staging in EBS 7.1, 7.2 6279555 automatic save set cloning fails under EBS 7.1 (from 116835-02) 6257097 EBS patch 116835-01 audit failed due to wrong information in pkginfo file (from 116835-01) 6250875 Request Sun patch for NW LGTpa69733 fix Patch Installation Instructions: ------------------------------------------------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions are described below as special install instructions, if any is applicable. ------------------------------------------------------------------------- Special Install Instructions: ------------------------------------------------------------------------- In order to fully protect your system, you will be required to disable the directed recover feature. 1. Install the EBS 7.1 SU3 patch. 2. In the nsrla resource of the nsrexecd service, disable the directed recover option. Set the attribute to YES; the default setting is NO. To update the Disable the Directed Recover attribute: a) Enter nsradmin ?s -p nsrexecd from the command line. b) Enter 'update disable directed recover:Yes' from nsradmin program c) Type 'y' after Update? 3. For each EBS server, storage node, and client, set the NSR_BLOCK_ADMIN environment variable to YES. 4. For each EBS server, set the NSR_REQUIRE_ROOT environment variable to YES. ------------------------------------------------------------------------- The following are BugTraq IDs considered fixed in this patch: Sun Bug ID Legato Bug ID Description ---------- ------------- -------------------------------------------- 6299296 LGTpa74792 Lgtomapper allows one to register and unregister ports from remote machines 6299292 LGTpa78969 Allow disabling of action command editing LGTpa79254 Local root user can not create a custom notification 6299285 LGTpa78920 Remove nsrfile LGTpa78968 Spawning of nsradmin through nsrexecd should be blockable (included in 119669-01) 6273909 LGTpa75831 failures with NetWare recovers, cloning and staging in EBS 7.1, 7.2 6279555 LGTpa75831 automatic save set cloning fails under EBS 7.1 (included in 116835-02) 6257097 EBS patch 116835-01 audit failed due to wrong information in pkginfo file (included in 116835-01) 6250875 LGTpa69733 Request Sun patch for NW LGTpa69733 fix From ESG NetWorker 7.1.3 README for CERT Reported Security Issues ------------------------------------------------------------------ LGTpa78920 - Remove nsrfile LGTpa74792 - Lgtomapper allows one to register and unregister ports from remote machines LGTpa78968 - Spawning of nsradmin through nsrexecd should be blockable LGTpa79254 - Local root user can not create a custom notification LGTpa78969 - Allow disabling of action command editing From ESG NetWorker 7.1.3 README for Misc. Fixes ----------------------------------------------- LGTpa77158 - backup of bootstrap fails after LGTpa75831 applied LGTpa75442 - REGRESS: nsrndmp_save: Data loss while spanning across 2 volumes From ESG NetWorker 7.1.3 LGTpa75831 README ------------------------------------------ LGTpa75225 -- combo fix (provided as product alert fix) for 7.1.3 NW. LGTpa49921 - Enhance mmd's update and error handling with the media db (it's a parent/duplicate of LGTpa72593 and parent of LGTpa75148) LGTpa56248 - FSC: save set tail missing in media db after vol-span LGTpa69733 - Data Loss: NetWorker overwrites data on volumes LGTpa70152 - Recover/cloning of small savesets from file type device fails LGTpa72374 - Written information not calculated correctly for AFT device LGTpa74425 - Code cleanup in 'end_cloned_saveset()' in 'mm/mm_save.c' LGTpa72550 -- nsrclone gives erroneous 'skipping incomplete save set ' parent of LGTpa72614 LGTpa73382 LGTpa73836 LGTpa73836 LGTpa75430 -- REGRESS: auto-nsrstage coredumps when migration continued SS of LGTpa72413 + LGTpa69709 LGTpa72413 - **Regress: Recovery of ss >2 GB hangs /fails from NW 7.1.3 Server LGTpa69709 - REGRESS Client license is insufficient after going to 7.1.2 Child of LGTpa67576, and Parent of LGTpa72190 LGTpa72491 LGTpa72290 LGTpa73725 LGTpa74265 LGTpa75526 LGTpa73725 README -- Last modified date: Tuesday, August 16, 2005