|
|
|
|
| |
"VERITAS NetBackup Enterprise Server delivers mainframe-class data protection for the largest UNIX, Windows, Linux, and NetWare enterprise environments, especially for corporate data centers."
By sending a specially crafted packet to the Volume Manager stack overflow of Veritas Netbackup Enterprise Server, attackers can cause an DoS condition or to execute arbitrary code. |
| |
Credit:
The information has been provided by iDEFENSE Labs.
The original article can be found at: http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities,
The vendor advisory can be found at: http://seer.support.veritas.com/docs/279553.htm
|
| |
Vulnerable Systems:
* NetBackup Enterprise Server version 5.0 for all platforms
* NetBackup Enterprise Client/Server version 5.0 for all platforms
* NetBackup Enterprise Server version 5.1 for all platforms
* NetBackup Enterprise Client/Server version 5.1 for all platforms
Immune Systems:
* NetBackup DataCenter and BusinesServer version 4.5 MP, FP for all platforms
* NetBackup Enterprise Server version 6.0 for all platforms
* NetBackup Enterprise Client/Server version 6.0 for all platforms
The vulnerability was initially found in the NetBackup vmd daemon but further analysis revealed the problem occurs in a shared library used by vmd possibly impacting other daemons using that shared library also. The buffer overflow condition is due to improper bounds checking of user input. If a remote attacker were able to gain access to the affected library through one of the daemons and successfully exploit this vulnerability, they could potentially disrupt backup capabilities or possibly execute arbitrary code with elevated privileges on the targeted system.
Workaround:
Use a firewall to restrict incoming connections to trusted workstations running the Backup Exec client software, which uses port 13701 TCP.
Patch Availability:
Patches for NetBackup 5.0 and 5.1 are available from the following location: http://support.veritas.com/menu_ddProduct_NBUESVR_view_DOWNLOAD.htm
CVE Information:
CAN-2005-3116
Disclosure Timeline:
09/14/2005 - Initial vendor notification
09/14/2005 - Initial vendor response
11/10/2005 - Public disclosure
|
|
|
|
|
|
|
|
|
|
