VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
BID:17264
Info
VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
| Bugtraq ID: | 17264 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-0989 CVE-2006-0990 CVE-2006-0991 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2006 12:00AM |
| Updated: | Mar 28 2006 04:18PM |
| Credit: | Discovery is credited to 3Com. |
| Vulnerable: |
Veritas Software NetBackup Enterprise Server 6.0 Veritas Software NetBackup Enterprise Server 5.1 Veritas Software NetBackup Enterprise Server 5.0 Veritas Software NetBackup DataCenter 4.5 MP Veritas Software NetBackup DataCenter 4.5 FP Veritas Software NetBackup BusinesServer 4.5 MP Veritas Software NetBackup BusinesServer 4.5 FP |
| Not Vulnerable: | |
Discussion
VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
Various daemons running in VERITAS NetBackup are prone to buffer-overflow vulnerabilities.
Specifically, the vulnerabilities affect the volume manager daemon ('vmd'), the NetBackup Catalog daemon ('bpdbm'), and the NetBackup Sharepoint Services server daemon ('bpspsserver').
A successful attack may allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access in the context of the application.
These issues affect various versions of NetBackup servers and clients.
Various daemons running in VERITAS NetBackup are prone to buffer-overflow vulnerabilities.
Specifically, the vulnerabilities affect the volume manager daemon ('vmd'), the NetBackup Catalog daemon ('bpdbm'), and the NetBackup Sharepoint Services server daemon ('bpspsserver').
A successful attack may allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access in the context of the application.
These issues affect various versions of NetBackup servers and clients.
Exploit / POC
VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
Solution:
Symantec has released an advisory with fixes to address this issue. Please see the references for more information.
Solution:
Symantec has released an advisory with fixes to address this issue. Please see the references for more information.
References
VERITAS NetBackup Multiple Remote Buffer Overflow Vulnerabilities
References:
References:
- SYM06-006 - Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Da (Symantec)
- TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability ([email protected])
- ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow ([email protected])
- ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow ([email protected])