[UNIX] Veritas NetBackup TIME_STAMP DoS
From: SecuriTeam (support_at_securiteam.com)
Date: 07/25/05
- Previous message: SecuriTeam: "[NEWS] Oracle Products Multiple Vulnerabilities (TA05-194A)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 25 Jul 2005 18:18:50 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Veritas NetBackup TIME_STAMP DoS
------------------------------------------------------------------------
SUMMARY
" <http://www.veritas.com/> VERITAS NetBackup Server software is a
cost-effective heterogeneous backup and recovery solution designed for
mid-size organizations, workgroups, and remote offices."
VERITAS NetBackup's <http://www.ndmp.org/info/faq.shtml> NDMP Server
vulnerable to denial of service via its handling of the TIME_STAMP
variable.
DETAILS
Vulnerable Systems:
* NetBackup version 5.1
NetBackup runs a <http://www.ndmp.org/info/faq.shtml> NDMP server that
listens on port 10000/TCP. It is possible to cause an access violation by
sending a 'CONFIG' message request to the NDMP server with a timestamp in
the ndmpheader that is out of range:
enum ndmp_message_type
{
NDMP_REQUEST
};
struct ndmp_header
{
u_long sequence; (local counter that starts at 1 and increases by 1 for
every message sent)
u_long time_stamp; (in seconds since 00:00:00 GMT, Jan 1, 1970)
ndmp_message_type message_type; (request or reply message)
ndmp_message message; (tape data config etc)
u_long reply_sequence; (number from the request message to which the
reply is associated)
ndmp_error error; (verbose)
};
ADDITIONAL INFORMATION
The original article can be found at:
<http://www.hat-squad.com/en/000170.html>
http://www.hat-squad.com/en/000170.html
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NEWS] Oracle Products Multiple Vulnerabilities (TA05-194A)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
