Symantec Security Advisory SYM07-010 - Veritas Storage Foundation for Windows: Veritas Volume Replicator, Denial of Service in Veritas Administrative Service

Solution

Revision History

None

Severity

Low

Overview:

A Denial of Service (DoS) vulnerability has been identified and resolved in the Symantec Veritas Volume Replicator (VVR) option, specifically in the administrative service. Symantec VVR ships as a licensable option with Symantec Storage Foundation Solutions Suites. If the VVR option is installed, a successful DoS attack could terminate the service or, in some circumstances, cause resource exhaustion that could lead to additional system degradation.

Affected Products and Versions:
  • Volume Manager 3.1 Hotfix 5 (VxVM+HF5)
  • Storage Foundation for Windows (SFW) 4.1
  • SFW 4.1 Rollup Patch (RP) 1
  • SFW 4.2
  • SFW 4.2 RP1
  • SFW 4.2 RP2
  • SFW 4.3
  • SFW 4.3 Maintenance Pack (MP) 1


To determine if the VVR option is installed on a system:

From a command prompt, run the command vxrvg.exe as system or domain administrator.
If the command is not found, the VVR option is not installed and the system is not vulnerable.
If the command is found, the system is vulnerable.

The Issue:

The DoS is caused by a failure to properly validate incoming data passed to the VVR service. A specially crafted packet passed to the vulnerable service could cause the VVR administrative service to terminate unexpectedly, after which the service requires a restart. This type of attack could also degrade application functions on the targeted system, or the system as a whole, because of excessive CPU consumption during memory allocation attempts before the VVR Administrative Service terminates.
This DoS, if successfully exploited, will most likely be the result of an internal attack by a malicious user on the network, since the affected service port should not normally be accessible externally to anyone other than authorized users. Any successful attack by a non-authorized remote attacker would most likely require interactive user involvement, that is, enticing a user to run, or allow to be run, malicious code that could impact a vulnerable system.

Resolution:

Install the updated VRAS.DLL file for the correct product version and the correct operating system for Windows:
1. Copy the file VVR-DoS_288538.zip (Download Now link below) to a temporary location and then double-click the file to begin the extraction process.
2. Choose a location to extract the files and click Extract.
3. After all files have been extracted, click OK on the "All files have been extracted" notification prompt.
4. Review the Readme.txt file for specific installation instructions.

Note: Make sure to pick the correct operating system (32/64) and product version file for your server.

Directory structure of VVR-DoS_288538.zip:
    SFW 4.1\w2k
    SFW 4.1\w2k3
    SFW 4.1 rp1\w2k
    SFW 4.1 rp1\w2k3
    SFW 4.2\w2k
    SFW 4.2\w2k3
    SFW 4.2 rp1\w2k
    SFW 4.2 rp1\w2k3
    SFW 4.2 rp2\w2k
    SFW 4.2 rp2\w2k3
    SFW 4.3\w2k
    SFW 4.3\w2k3
    SFW 4.3\w2k3-64
    SFW 4.3 mp1\w2k
    SFW 4.3 mp1\w2k3
    SFW 4.3 mp1\w2k3-64
    VM 3.1 Hotfix 5\w2k

    Affected Binaries:
    • vras.dll - build 5.31.67.0 - VM 3.1+HF5
    • vras.dll - build 5.41.37.27 - SFW 4.1
    • vras.dll - build 5.41.41.0 - SFW 4.1 RP1
    • vras.dll - build 4.2.30.0 - SFW 4.2
    • vras.dll - build 4.2.100.104 - SFW 4.2 RP1
    • vras.dll - build 4.2.200.112 - SFW 4.2 RP2
    • vras.dll - build 4.3.0.219 - SFW 4.3
    • vras.dll - build 4.3.1000.350 - SFW 4.3 MP1
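
The VVR check and the build list above can be combined into one inventory pass. This is an added example, not part of Symantec's advisory; the function name, the output fields, and the choice to search the VERITAS folders under Program Files are assumptions, and it assumes PowerShell 2.0 or later is available on the host.

```powershell
# Added example (not Symantec's code): report whether the VVR option is present
# and which vras.dll builds are installed, compared with the advisory's list.
# Build strings and product labels are copied from "Affected Binaries" above.
$ListedBuilds = @{
    '5.31.67.0'    = 'VM 3.1+HF5'
    '5.41.37.27'   = 'SFW 4.1'
    '5.41.41.0'    = 'SFW 4.1 RP1'
    '4.2.30.0'     = 'SFW 4.2'
    '4.2.100.104'  = 'SFW 4.2 RP1'
    '4.2.200.112'  = 'SFW 4.2 RP2'
    '4.3.0.219'    = 'SFW 4.3'
    '4.3.1000.350' = 'SFW 4.3 MP1'
}

function Get-VrasDllReport {
    # Assumption: the product lives under a VERITAS folder in Program Files,
    # as in the installation procedures; pass -Roots to search elsewhere.
    param([string[]]$Roots = @("$env:SystemDrive\Program Files\VERITAS",
                               "$env:SystemDrive\Program Files (x86)\VERITAS"))

    # The advisory's test: if vxrvg.exe is not found, the VVR option is not installed.
    $vvrFound = [bool](Get-Command vxrvg.exe -ErrorAction SilentlyContinue)

    $existing = @($Roots | Where-Object { Test-Path $_ })
    if ($existing.Count -eq 0) {
        Write-Warning "No VERITAS install folder found (vxrvg.exe found: $vvrFound)"
        return
    }

    Get-ChildItem -Path $existing -Recurse -Filter vras.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Build the version from its numeric parts; the FileVersion string
            # can carry extra text that would break an exact comparison.
            $v = $_.VersionInfo
            $build = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                          $v.FileBuildPart, $v.FilePrivatePart
            $listed = $ListedBuilds[$build]
            if (-not $listed) { $listed = '(not in advisory list)' }
            New-Object PSObject -Property @{
                Path = $_.FullName; Build = $build
                ListedAs = $listed; VvrOptionFound = $vvrFound
            }
        }
}

Get-VrasDllReport | Format-List Path, Build, ListedAs, VvrOptionFound
```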

    VxVM 3.1+HF5


    Installation Procedure:
    1. Stop the vxob service using the command net stop vxob. In case of a cluster, move the resource groups to another node of the cluster, prior to stopping the service
    2. Back up the original vras.dll file from %systemdrive%\Program Files\VERITAS\ Volume Manager 3.1\
    3. Copy the new vras.dll file to %systemdrive%\Program Files\VERITAS\ Volume Manager 3.1\
    4. Start the vxob service using the command net start vxob
    5. Repeat steps 1-4 on both primary and secondary hosts and on all nodes of the cluster

    SFW 4.1 and SFW 4.1 RP1

    Installation Procedure:
    1. Stop the vxob service using the command net stop vxob. In case of a cluster, move the resource groups to another node of the cluster, prior to stopping the service
    2. Back up the original vras.dll file from %systemdrive%\Program Files\VERITAS\VERITAS Volume Manager 4.1
    3. Copy the new vras.dll file to %systemdrive%\Program Files\VERITAS\VERITAS Volume Manager 4.1\. If it is a Windows 2000 system, pick the new vras.dll file from the w2k folder; if it is Windows 2003, pick it from the w2k3 folder.
    4. Start the vxob service using the command net start vxob
    5. Repeat steps 1-4 on both primary and secondary hosts and on all nodes of the cluster

    SFW 4.2, SFW 4.2 RP1, and SFW 4.2 RP2

    Installation Procedure:
    1. Stop the vxob service using the command net stop vxob. In case of a cluster, move the resource groups to another node of the cluster, prior to stopping the service
    2. Back up the original vras.dll file from %systemdrive%\Program Files\VERITAS\VERITAS Volume Manager 4.2\
    3. Copy the new vras.dll file to %systemdrive%\Program Files\VERITAS\VERITAS Volume Manager 4.2\. If it is a Windows 2000 system, pick the new vras.dll file from the w2k folder; if it is Windows 2003, pick it from the w2k3 folder.
    4. Start the vxob service using the command net start vxob
    5. Repeat steps 1-4 on both the primary and the secondary hosts and on all nodes of the cluster

    SFW 4.3 and SFW 4.3 MP1

    Installation Procedure:
    1. Stop the vxob service using the command net stop vxob. In case of a cluster, move the resource groups to another node of the cluster, prior to stopping the service
    2. Back up the original vras.dll file from %systemdrive%\Program Files\VERITAS\VERITAS Volume Manager 4.3\
    3. For 32-bit systems, copy the new vras.dll file to %systemdrive%\Program Files\VERITAS\VERITAS Volume Manager 4.3\. If it is a Windows 2000 system, pick the new vras.dll file from the w2k folder; if it is Windows 2003, pick it from the w2k3 folder.
    4. For 64-bit systems, copy the new vras.dll file to %systemdrive%\Program Files (x86)\VERITAS\VERITAS Volume Manager 4.3\. Pick the new vras.dll file from the W2K3-64 folder.
    5. Start the vxob service using the command net start vxob
    6. Repeat steps 1-5 on both primary and secondary hosts and on all nodes of the cluster
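
The four installation procedures above share the same stop, back up, copy, start sequence, so one script can cover them. This is an added example, not Symantec's installer or part of the advisory; the parameter names and the backup file name are assumptions, it assumes PowerShell 2.0 or later on the host, and it must be run as an administrator after any cluster resource groups have been moved to another node.

```powershell
# Added example (not Symantec's code): replace vras.dll following the advisory's
# procedure. -NewDll and -InstallDir are hypothetical parameter names.
param(
    # vras.dll taken from the folder in VVR-DoS_288538.zip that matches this
    # server's product version and operating system (w2k, w2k3 or w2k3-64).
    [Parameter(Mandatory = $true)][string]$NewDll,
    # Product directory named in the procedure for the installed version.
    [Parameter(Mandatory = $true)][string]$InstallDir
)

$target = Join-Path $InstallDir 'vras.dll'
$backup = "$target.pre-SYM07-010.bak"      # assumed backup name

# Check everything that can be checked before the service goes down.
if (-not (Test-Path $NewDll)) { throw "New DLL not found: $NewDll" }
if (-not (Test-Path $target)) { throw "No vras.dll in $InstallDir" }
if (Test-Path $backup)        { throw "Backup already exists: $backup" }

# Stop the vxob service, as in step 1 of each procedure.
net stop vxob
if ((Get-Service -Name vxob).Status -ne 'Stopped') {
    throw 'vxob did not stop; vras.dll was not replaced'
}

try {
    # Back up the original file, then copy the new one into place.
    Copy-Item -Path $target -Destination $backup -ErrorAction Stop
    Copy-Item -Path $NewDll -Destination $target -Force -ErrorAction Stop
}
finally {
    # Restart the service even if the copy failed, so it is not left down.
    net start vxob
}

# Record what changed so each host and cluster node can be confirmed.
$old = (Get-Item $backup).VersionInfo.FileVersion
$new = (Get-Item $target).VersionInfo.FileVersion
"vras.dll: $old -> $new; vxob is $((Get-Service -Name vxob).Status)"
```

Run it once per host, on both primary and secondary hosts and on every cluster node, as the final step of each procedure requires.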

    Best Practices
    As part of normal best practices, Symantec strongly recommends:
      · Restricting access to administration or management systems to privileged users.
      · Restricting remote access, if required, to trusted/authorized systems only.
      · Running under the principle of least privilege where possible to limit the impact of exploit by threats.
      · Keeping all operating systems and applications updated with the latest vendor patches.
      · Following a multi-layered approach to security. Run both firewall and anti-malware applications at a minimum to provide multiple points of detection and protection to both inbound and outbound threats.
      · Deploying network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.


      CVE
      The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CVE-2007-1593 to this issue. This issue is a candidate for inclusion in the CVE list (<http://cve.mitre.org>), which standardizes names for security problems.


      Credit:
      Symantec would like to thank iDefense for reporting these issues and for providing full coordination while Symantec resolved them.


      Terms of use for this information are found in Legal Notices.
