Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Veritas NetBackup Buffer Overflows in vmd, bpdbm, and bpspsserver Daemons Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1015832
|
|
SecurityTracker URL: http://securitytracker.com/id?1015832
|
|
CVE Reference: CVE-2006-0989
, CVE-2006-0990
, CVE-2006-0991
(Links to External Site)
|
Date: Mar 27 2006
|
Impact: Execution of arbitrary code via network, Root access via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Symantec Advisory
|
Version(s): 6.0
|
Description: Several vulnerabilities were reported in Veritas NetBackup. A remote user can execute arbitrary code on the target system.
The volume manager (vmd) daemon, the NetBackup Catalog (bpdbm) daemon, and the NetBackup Sharepoint Services server (bpspsserver)
daemon are affected. Both client and server implementations are vulnerable.
A remote user can supply specially crafted data
to the volume manager daemon on TCP port 13701 to trigger a stack overflow [CVE-2006-0989]. All platforms are affected.
A remote
user can supply specially crafted data to the NetBackup Database Manager service on TCP port 13721 to trigger a stack overflow buffer
[CVE-2006-0990]. All platforms are affected.
A remote user can supply specially crafted data to NetBackup Sharepoint Services
server on TCP port 13724 to trigger either of two buffer overflows, one of which is a stack overflow [CVE-2006-0991]. Only the
Windows-based platforms are affected by this bpspsserver vulnerability.
Sebastian Apelt discovered the first two vulnerabilities
and TippingPoint Security Research discovered the third vulnerability.
Symantec credits 3Com with reporting this vulnerabilities.
The
vendor was notified of these three vulnerabilities on December 20, 2005, January 24, 2005, and January 23, 2005, respectively.
The
original advisories are available at:
http://www.zerodayinitiative.com/advisories/ZDI-06-005.html
http://www.zerodayinitiative.com/advisories/ZDI-06-006.html
|
Impact: A remote user can execute arbitrary code on the target system, potentially with elevated privileges.
|
Solution: Symantec has issued the following fixes.
For 6.0:
6.0_MP2
http://support.veritas.com/docs/281521
For 5.1:
5.1_MP4_S01,
5.1_MP5
http://support.veritas.com/docs/281521
For 5.0:
5.0_MP6_S01, 5.0_MP7
http://support.veritas.com/docs/281521
For
4.5FP:
4.5_FP9-S2
http://support.veritas.com/docs/281521
For 4.5MP:
4.5_MP9_S2
http://support.veritas.com/docs/281521
The
vendor's advisory is available at:
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html
|
Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 27 Mar 2006 15:55:03 -0500
Subject: Veritas NetBackup vulnerabilities
|
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html
SYM06-006
March 27, 2006
Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons
CVE-2006-0989
CVE-2006-0990
CVE-2006-0991
|
|
Go to the Top of This SecurityTracker Archive Page
|
