cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Does these patches put any impact on VCS

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-14-2010 04:38 AM

Does these patches put any impact on VCS ? if we install those patches on VCS machines


Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) - Network check
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx )

Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass Vulnerability
http://www.symantec.com/avcenter/security/Content/2007.06.01.html0000000 )

Veritas Storage Foundation Multiple Service Remote DoS (SYM08-004)


Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
( Force the use of SSL as a transport layer for this service. )

Terminal Services Encryption Level is not FIPS-140 compliant
(  Change RDP encryption level to :
4. FIPS Compliant )

ICMP Timestamp Request Remote Date Disclosure
( Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). )

Microsoft SQL Server TCP/IP Listener Detection
( Restrict access to the database to allowed IPs only. )
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
David_Honeycutt
Level 4
Employee

‎04-14-2010 06:01 AM


Hi Zahid,

The Symantec and Veritas patches you have listed are critical patches and it is recommended that they should be applied to your VCS Cluster nodes. I have not seen any Customer issues related to VCS after applying these patches.

The Microsoft patches you list are also critical and I cannot speak for Microsoft specifically, but we have not seen any Customer issues caused or related to VCS after applying these patches.

The "ICMP Timestamp Request Remote Date Disclosure" seems to be coming from a Nessus Scan Report, but I cannot find any patches for it from Symantec/Veritas or Microsoft. However, It is listed with a Risk factor of Low (if this is the same information you are using).

VCS does use ICMP to communicate for Global Cluster Option (GCO Heartbeats) and the following Technote outlines the ports used for SFW and SFW-HA:

http://support.veritas.com/docs/286714

View solution in original post

0 Kudos
20 REPLIES 20

Go to solution
David_Honeycutt
Level 4
Employee

‎04-14-2010 06:01 AM


Hi Zahid,

The Symantec and Veritas patches you have listed are critical patches and it is recommended that they should be applied to your VCS Cluster nodes. I have not seen any Customer issues related to VCS after applying these patches.

The Microsoft patches you list are also critical and I cannot speak for Microsoft specifically, but we have not seen any Customer issues caused or related to VCS after applying these patches.

The "ICMP Timestamp Request Remote Date Disclosure" seems to be coming from a Nessus Scan Report, but I cannot find any patches for it from Symantec/Veritas or Microsoft. However, It is listed with a Risk factor of Low (if this is the same information you are using).

VCS does use ICMP to communicate for Global Cluster Option (GCO Heartbeats) and the following Technote outlines the ports used for SFW and SFW-HA:

http://support.veritas.com/docs/286714
0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-14-2010 09:58 PM

Thanks David

Would you please let me know how can i confirm my VCS nodes are up to date?
0 Kudos

Go to solution
David_Honeycutt
Level 4
Employee

‎04-15-2010 05:47 AM


HI Zahid,

What version are you running on your VCS nodes?
0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-15-2010 05:53 AM


version 5.0
0 Kudos

Go to solution
David_Veber
Level 4
Employee Accredited

‎04-15-2010 06:32 AM

Well as far as "up to date" goes, You should be running  Rp2 for 5.0. Although the latest version of the 5.x series is 5.1 SP1.

Patching for windows is usually a case by case basis. If you are having a particular issue we would recommend the patch that resolves the issue but we normally do not recommend patching for the sake of patching.  Stick to the rollup packs and service packs as far as SFW-HA goes, Oh and any security patches as well of course.

David V
0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-15-2010 07:23 AM


David as you said

""Stick to the rollup packs and service packs as far as SFW-HA goes""

I am currently using RP1a on sfha5.0 and my VCS has been working 100% fine for about 18months .....so its good that i dont install RP2 because as you said

""we normally do not recommend patching for the sake of patching""  :)
0 Kudos

Go to solution
David_Honeycutt
Level 4
Employee

‎04-16-2010 05:26 AM

Hi Zahid,

SFW-HA 5.0 RP1a is good solid version, as you have proven from the "100% fine for about 18 months" comment.

I do recommend that you refer to the following document that outlines the Fixed Issues in RP2, starting on page 63

Veritas Storage Foundation and High Availability Solutions for Windows, Release Notes, 5.0 Rollup Patch 2:
ftp://ftp.entsupport.symantec.com/pub/support/documentation/SFWHA_ReleaseNotes_50RP2.pdf

I also recommend taking a look at the Veritas Operations Services (VOS) site:

https://vos.symantec.com/home

If you already have a SymAccount Login, use it to login, if not, just register and create one

Once you're logged in, have a look at Download -> Patches and under the respective Versions / Platforms, you're find Rolling patches (RP) and Hot fixes (HF) available for download.

That way, in the unlikely event that you encounter any of those issues in your VCS Cluster, you will know exactly what it is and how to address it.

Sincerely,
David Honeycutt
0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-16-2010 06:40 AM

HI David Veber

As you said """"Well as far as "up to date" goes, You should be running  Rp2 for 5.0""""

Does RP2 covers both below patches of Veritas ?



1.) Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass Vulnerability
http://www.symantec.com/avcenter/security/Content/2007.06.01.html0000000 )

2.) Veritas Storage Foundation Multiple Service Remote DoS (SYM08-004)


So i only need to install RP2 and my both above symantec/veritas patches will be coverd in RP2? right ?


0 Kudos

Go to solution
David_Veber
Level 4
Employee Accredited

‎04-16-2010 08:20 AM

Hi Zahid,

I have seen a few threads that state those are fixed in RP2 but I am still searching for Documentation that shows it. I will post it as soon as I find it.

I have confirmed that
Symantec Security Advisory SYM07-009 - Veritas Storage Foundation 5.0 for Windows: Authentication Bypass and Potential Code Execution in Scheduler Service
http://support.veritas.com/docs/288627

is included in RP2 but i am still searching for the other one.

0 Kudos

Go to solution
David_Veber
Level 4
Employee Accredited

‎04-16-2010 08:28 AM

OK I have confirmed them both. They are fixed in RP2. I Will contact the Person who maintains those tech refrences as there should be the version listed they are fixed in.

David V
0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-16-2010 08:43 AM


Ohh thanks David and all other friends :)
David may i get any symantec document which shows these patches are getting cover in it (if possible)

Again thanks
0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-16-2010 09:06 AM


The ""Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass Vulnerability"" covered in RP2

ftp://ftp.entsupport.symantec.com/pub/support/documentation/SFWHA_ReleaseNotes_50RP2.pdf

Page no. 60, point no.3
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

but i have not found the information for below


Veritas Storage Foundation Multiple Service Remote DoS (SYM08-004)


0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-16-2010 09:28 AM

one more question for all friends

How can i audit / scan my sfha 5.0 ? so i then apply the required RP or patch etc
0 Kudos

Go to solution
David_Veber
Level 4
Employee Accredited

‎04-16-2010 09:40 AM

That is the documentation that I looked at orginally but I did go back into internal documentation to confirm that included both fixes.
0 Kudos

Go to solution
David_Veber
Level 4
Employee Accredited

‎04-16-2010 09:44 AM

I dont understand the what you mean by Audit / Scan, Can you reword that? Are you asking about what needs to be done before you upgrade?

Thanks
0 Kudos

Go to solution
Zahid_Haseeb
Moderator
Moderator
Partner    VIP    Accredited

‎04-16-2010 10:13 AM

i actually asking, is that any software which can scan the veritas product for any patch required.
got it ?

0 Kudos

Go to solution
David_Veber
Level 4
Employee Accredited

‎04-16-2010 10:30 AM

No there is not, Windows patches for issues are only handed out when you are having the issue. There is a list of public patchs on VOS though most windows patches are private and are handed out when the issue is confirmed through support.

You can use the patch finder for public patches. Just select SF or HA and then the version and then the OS.
https://vos.symantec.com/patch/finder
0 Kudos

Go to solution
David_Veber
Level 4
Employee Accredited

‎04-16-2010 10:39 AM

Feel free to provide feed back to the VOS site on risk assesment for Windows. I would like to see that feature for windows as well.
0 Kudos

Go to solution
HDVU
Not applicable

‎05-03-2010 01:20 PM

Hello,

I am new to Symantec AV. My SAV is installed in a Windows 2000 server (will be migrated to 2003 or 2008 soon.)  My Retina Scanner reported the following vulnerability in one of my servers:
Vulnerability: Tandberg VCS helppage.php Directory Traversal.
Description: Tandberg Video Communication Server (VCS) contains a vulnerability in the "helppage.php" scrip.
How To FixUpgrade firmware to a fixed release.

I searched http://ftp.tandberg.com/pub/software/vcs and found that I need to know my VCS version first.  I would like to ask you few questions:
1) Is this vulnerability related to MS Windows or SAV?
2) How do I find my Tandberg VCS version?
3) What is the appropriate patch for this vulnerability?
Thanks.
HDVU
0 Kudos