cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Upgrade operating system for Symantec Appliance 5220

Go to solution
Itegral
Level 6

‎05-31-2015 03:46 AM

Our Information Security team, as per the annual audit, scanned the hosts for vulnerability and found that the OS on these appliance is very old - scan output message says, "Unsupported Unix Operating System".

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Question:

We have upgraded the Appliance to version 2.6.1.1, however that does not upgrade the underlying OS.

Is there any technote from Symantec supporting that OS shall remain the same or plans on upgrading the Appliance OS etc. in detail?

 

Thanks All.

 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Andrew_Madsen
Level 6
Partner

‎05-31-2015 04:49 AM

SLES 11 SP1 is not "very old" and is supported in all of the scanning tools I have ever encountered. Their scanning system made a mistake.

Every upgrade addresses vulnerabilities in the operating system so I cannot imagine it being that far out of date at 2.6.1.1.

As far as tech note there is not since future upgrades are forward looking. However, I believe the word is that 2.7.1 will move to RHEL of some flavor possibly 7. 

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
Andrew_Madsen
Level 6
Partner

‎05-31-2015 04:49 AM

SLES 11 SP1 is not "very old" and is supported in all of the scanning tools I have ever encountered. Their scanning system made a mistake.

Every upgrade addresses vulnerabilities in the operating system so I cannot imagine it being that far out of date at 2.6.1.1.

As far as tech note there is not since future upgrades are forward looking. However, I believe the word is that 2.7.1 will move to RHEL of some flavor possibly 7. 

0 Kudos

Go to solution
Itegral
Level 6

‎05-31-2015 10:28 PM

thank you for your response. I have forwarded your comments to them.

They have also identified the following;

"According to the banner, OpenSSH earlier than 4.7 is running on the remote host"

Such versions contain an authentication bypass vulnerability.  In the event that OpenSSH cannot create an untrusted cookie for X, for example due to the temporary partition being full, it will use a trusted cookie instead.  This allows attackers to violate intended policy and gain privileges by causing their X client to be treated as trusted.

Appreciate your comments please.

0 Kudos

Go to solution
Andrew_Madsen
Level 6
Partner

‎06-01-2015 02:33 AM

Xserver is not enabled on the appliance. I do not even think the binaries are loaded. You cannot go to init 5 on the device. If there is still a concern then I would suggest opening a ticket with Veritas and ask them to address it or find out if it is addressed in 2.6.1.2.

0 Kudos

Go to solution
Marianne
Level 6
Partner    VIP    Accredited Certified

‎06-01-2015 04:25 AM

Any kind of security concerns must be taken up with Symantec Support directly.

We can comment from user perspective, but I guess your IS team will need official response.


Handy NetBackup Links
0 Kudos

Go to solution
D_Flood
Level 6

‎06-02-2015 10:17 AM

Today's release of 2.6.1.2 might also address some of the identified issues on the Appliance:

 

https://www-secure.symantec.com/connect/forums/netbackup-appliances-2612-now-available

 

0 Kudos