VERITAS NetBackup Enterprise Server Buffer Overflow (vmd)
13 Nov. 2005
Summary
"VERITAS NetBackup Enterprise Server delivers mainframe-class data protection for the largest UNIX, Windows, Linux, and NetWare enterprise environments, especially for corporate data centers."
By sending a specially crafted packet that triggers a stack overflow in the Volume Manager of VERITAS NetBackup Enterprise Server, attackers can cause a DoS condition or execute arbitrary code.
Vulnerable Systems:
* NetBackup Enterprise Server version 5.0 for all platforms
* NetBackup Enterprise Client/Server version 5.0 for all platforms
* NetBackup Enterprise Server version 5.1 for all platforms
* NetBackup Enterprise Client/Server version 5.1 for all platforms
Immune Systems:
* NetBackup DataCenter and BusinesServer version 4.5 MP, FP for all platforms
* NetBackup Enterprise Server version 6.0 for all platforms
* NetBackup Enterprise Client/Server version 6.0 for all platforms
The vulnerability was initially found in the NetBackup vmd daemon, but further analysis revealed that the problem occurs in a shared library used by vmd, possibly impacting other daemons that use the same library. The buffer overflow condition is due to improper bounds checking of user input. If a remote attacker were able to gain access to the affected library through one of the daemons and successfully exploit this vulnerability, they could potentially disrupt backup capabilities or possibly execute arbitrary code with elevated privileges on the targeted system.
Workaround:
Use a firewall to restrict incoming connections to trusted workstations running the Backup Exec client software, which uses port 13701 TCP.
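One way to express this workaround as host firewall rules, as an added example that is not part of the original advisory. It assumes a Linux host using iptables; the chain name NBU-VMD is hypothetical and the trusted addresses are constructed documentation addresses. The function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: generate iptables rules that limit 13701/tcp to an allowlist.
# Assumptions: Linux + iptables; chain name and addresses are placeholders.
VMD_PORT=13701

# Print one iptables command per line; nothing is applied to the live firewall.
vmd_rules() {
    chain="NBU-VMD"   # hypothetical chain name
    echo "iptables -N $chain"
    for src in "$@"; do
        # Skip anything that is not a plain IPv4 address or CIDR block,
        # so a malformed allowlist entry never reaches the command line.
        case "$src" in
            *[!0-9./]*|"")
                echo "skipping invalid source: $src" >&2
                continue
                ;;
        esac
        echo "iptables -A $chain -s $src -j ACCEPT"
    done
    # Log (rate limited), then drop everything else so blocked attempts are visible.
    echo "iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix \"vmd-blocked: \""
    echo "iptables -A $chain -j DROP"
    # Steer all inbound TCP traffic for the port into the allowlist chain.
    echo "iptables -I INPUT -p tcp --dport $VMD_PORT -j $chain"
}

# Constructed sample allowlist (RFC 5737 documentation ranges).
vmd_rules 192.0.2.10 192.0.2.11 198.51.100.0/24
```

The final DROP rule makes the chain default-deny, so a host missing from the allowlist loses access to the port rather than silently keeping it.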