[NEWS] VERITAS NetBackup Enterprise Server Buffer Overflow (vmd)

From: SecuriTeam (support_at_securiteam.com)
Date: 11/14/05

    To: list@securiteam.com
    Date: 14 Nov 2005 16:23:38 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      VERITAS NetBackup Enterprise Server Buffer Overflow (vmd)
    ------------------------------------------------------------------------

    SUMMARY

    "VERITAS NetBackup Enterprise Server
    <http://veritas.com/Products/www?c=product&refId=2> delivers
    mainframe-class data protection for the largest UNIX, Windows, Linux,
    and NetWare enterprise environments, especially for corporate data
    centers."

    By sending a specially crafted packet to the Volume Manager of VERITAS
    NetBackup Enterprise Server, attackers can trigger a stack overflow that
    causes a DoS condition or allows execution of arbitrary code.

    DETAILS

    Vulnerable Systems:
     * NetBackup Enterprise Server version 5.0 for all platforms
     * NetBackup Enterprise Client/Server version 5.0 for all platforms
     * NetBackup Enterprise Server version 5.1 for all platforms
     * NetBackup Enterprise Client/Server version 5.1 for all platforms

    Immune Systems:
     * NetBackup DataCenter and BusinesServer version 4.5 MP, FP for all
    platforms
     * NetBackup Enterprise Server version 6.0 for all platforms
     * NetBackup Enterprise Client/Server version 6.0 for all platforms

    The vulnerability was initially found in the NetBackup vmd daemon, but
    further analysis revealed that the problem occurs in a shared library
    used by vmd, possibly affecting other daemons that use the same library.
    The buffer overflow is due to improper bounds checking of user input. If
    a remote attacker were able to reach the affected library through one of
    the daemons and successfully exploit this vulnerability, they could
    potentially disrupt backup capabilities or possibly execute arbitrary
    code with elevated privileges on the targeted system.

    Workaround:
    Use a firewall to restrict incoming connections to trusted workstations
    running the Backup Exec client software, which uses port 13701 TCP.
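
One way to check that the firewall workaround above is holding, as an added example that is not part of the original advisory: the script reads `ss -tn` output taken on the NetBackup server and lists peers connected to 13701/tcp from outside an allowlist. The allowlist networks, the sample output and the function names are assumptions constructed for illustration.

```python
import ipaddress

VMD_PORT = 13701  # TCP port named in the advisory's workaround

# Assumption: the site's trusted backup hosts; replace with your own.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.15/32")]

# Constructed sample of `ss -tn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      10.20.0.5:13701      10.20.0.44:51234
ESTAB  0      0      10.20.0.5:13701      203.0.113.9:40222
ESTAB  0      0      10.20.0.5:22         203.0.113.9:40300
ESTAB  0      0      10.20.0.5:13701      192.0.2.15:38811
ESTAB  0      0      [::1]:13701          [::1]:50000
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def untrusted_vmd_peers(ss_output, trusted=TRUSTED, port=VMD_PORT):
    """Return sorted peer IPs on the local vmd port that are outside the allowlist."""
    offenders = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or short line
        try:
            _, local_port = split_endpoint(fields[3])
            peer_ip, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # unparseable endpoint, e.g. a '*' wildcard
        if local_port != port or peer_ip.is_loopback:
            continue  # other service, or local connection
        if not any(peer_ip.version == net.version and peer_ip in net
                   for net in trusted):
            offenders.add(str(peer_ip))
    return sorted(offenders)

if __name__ == "__main__":
    for peer in untrusted_vmd_peers(SAMPLE_SS):
        print(f"untrusted peer on {VMD_PORT}/tcp: {peer}")
```

Any address this reports is a connection the firewall rule should have blocked, so it points to a gap in the rule set or an allowlist that needs updating.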

    Patch Availability:
    Patches for NetBackup 5.0 and 5.1 are available from the following
    location:
    http://support.veritas.com/menu_ddProduct_NBUESVR_view_DOWNLOAD.htm

    CVE Information:
    CAN-2005-3116
    <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3116>

    Disclosure Timeline:
    09/14/2005 - Initial vendor notification
    09/14/2005 - Initial vendor response
    11/10/2005 - Public disclosure

    ADDITIONAL INFORMATION

    The information has been provided by iDEFENSE Labs
    <mailto:labs-no-reply@idefense.com>.
    The original article can be found at:
    http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities&flashstatus=true
    The vendor advisory can be found at:
    http://seer.support.veritas.com/docs/279553.htm


