This page lists publicly released patches for Veritas Enterprise Products.
For the Product GA build, see the Veritas Entitlement Management System (VEMS) by clicking the Veritas Support 'Licensing' option.
For information on private patches, contact Veritas Technical Support.
Veritas is making it easier to find all software installers and updates for Veritas products with a completely redesigned experience. NetBackup HotFixes and NetBackup Appliance patches are now also available at the new Veritas Download Center.
Patches for your product can have a variety of names. These names are based on product, component, or package names. For more information on patch naming conventions and the relationship between products, components, and packages, see the SORT online help.
sig_vrtsweb-rhel4_x86_64-5.0MP3HF1

 Basic information
Release type: Hot Fix
Release date: 2009-11-20
OS update support: None
Technote: None
Documentation: None
Popularity: 588 viewed    50 downloaded
Download size: 339.13 KB
Checksum: 3058243210

 Applies to one or more of the following products:
Storage Foundation 5.0MP3 On RHEL4 i686
Storage Foundation 5.0 On RHEL4 x86-64
Storage Foundation 5.0MP2 On RHEL4 x86-64
Storage Foundation 5.0MP3 On RHEL4 x86-64
Storage Foundation 5.0MP3 On RHEL5 i686
Storage Foundation 5.0MP3 On RHEL5 x86-64
Storage Foundation 5.0MP3 On SLES10 i586
Storage Foundation 5.0MP3 On SLES10 x86-64
Storage Foundation 5.0MP3 On SLES9 i586
Storage Foundation 5.0MP3 On SLES9 x86-64
Storage Foundation HA 5.0MP3 On RHEL4 i686
Storage Foundation HA 5.0 On RHEL4 x86-64
Storage Foundation HA 5.0MP2 On RHEL4 x86-64
Storage Foundation HA 5.0MP3 On RHEL4 x86-64
Storage Foundation HA 5.0MP3 On RHEL5 i686
Storage Foundation HA 5.0MP3 On RHEL5 x86-64
Storage Foundation HA 5.0MP3 On SLES10 i586
Storage Foundation HA 5.0MP3 On SLES10 x86-64
Storage Foundation HA 5.0MP3 On SLES9 i586
Storage Foundation HA 5.0MP3 On SLES9 x86-64

 Obsolete patches, incompatibilities, superseded patches, or other requirements:
None.

 Fixes the following incidents:
1650451

 Patch ID:
None.

 Readme file
Date: 2009-11-20
OS: Linux
OS Version: RHEL4 i686, RHEL4 x86_64, RHEL5 i686, RHEL5 x86_64, SLES9 i586, SLES9 x86_64, SLES10 i586, SLES10 x86_64
Etrack Incidents: 1650451

Problem description:
-------------------
Symantec VRTSweb, a shared component shipped with many Symantec Veritas products, is susceptible to a remote code-execution vulnerability. This vulnerability is caused by the improper validation of incoming data over port 14300. An attacker with administrative privileges on the targeted system can leverage this issue to execute arbitrary code.

Affected versions:
-----------------
The following versions of the Storage Foundation and High Availability products on Linux platforms are affected:
SF 5.0
SF 5.0 MP2
SF 5.0 MP3

Resolution:
----------
The vulnerability can be avoided by applying the provided patch.

Installing the patch:
--------------------
Stop any web application and then the webgui:

# /opt/VRTSweb/bin/webgui stop

Back up the file /opt/VRTSweb/catalina5/server/lib/vrtsserver.jar to another location.
Remove the file /opt/VRTSweb/catalina5/server/lib/vrtsserver.jar.
Copy the new vrtsserver.jar file to /opt/VRTSweb/catalina5/server/lib.
Restart the webgui:

# /opt/VRTSweb/bin/webgui start
