[Dshield] VERITAS NetBackup Volume Manager Daemon Buffer Overflow Issue

David Taylor ltr at isc.upenn.edu
Tue Nov 8 22:58:43 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I get a little nervous when backup software contain buffer overflows.
 Veritas isn't cheap so any system that has this installed probably
is fairly important and/or contains sensitive data.

http://www.frsirt.com/english/advisories/2005/2349

Vulnerable port number 13701.

Advisory ID : FrSIRT/ADV-2005-2349
CVE ID : CVE-2005-3116
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-08

Technical Description

A vulnerability has been identified in VERITAS NetBackup, which could
be exploited by remote attackers to execute arbitrary commands or
cause a denial of service. This flaw is due to a buffer overflow
error in a shared library used by the volume manager daemon (vmd)
that does not properly handle specially crafted requests (port
13701), which could be exploited by remote attackers to execute
arbitrary commands with root/SYSTEM privileges.

Affected Products

VERITAS NetBackup Enterprise Server version 5.0 (All platforms)
VERITAS NetBackup Server version 5.0 (All platforms)
VERITAS NetBackup Client version 5.0 (All platforms)
VERITAS NetBackup Enterprise Server version 5.1 (All platforms)
VERITAS NetBackup Server version 5.1 (All platforms)
VERITAS NetBackup Client version 5.1 (All platforms)

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshielders
http://freenode.net/


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

iQA/AwUBQ3Etl6xTsMlIjlJcEQJPDQCfS9mj7aE/4daFUP4OAeDo3mf0MT8AoNZ1
hbmldTrIqvF/S9NKvymKKC1n
=ZOgq
-----END PGP SIGNATURE-----



More information about the list mailing list