Symantec NetBackup PureDisk PHP Buffer Overflow May Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1017296
|
SecurityTracker URL: http://securitytracker.com/id?1017296
|
CVE Reference: CVE-2006-5465
|
Date: Nov 29 2006
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Symantec Advisory
|
Version(s): 6.0 MP1
|
Description: A vulnerability was reported in Symantec NetBackup PureDisk Remote Office Edition. A remote user may be able to execute arbitrary code on the target system.
A remote user may be able to send specially crafted data to trigger a buffer overflow in the PHP code used by the application and potentially execute arbitrary code on the target system. The code will run with the privileges of the target service.
The underlying vulnerability in PHP was previously reported [see Alert ID 1017152, CVE-2006-5465].
|
Impact: A remote user can execute arbitrary code on the target system.
|
Solution: The vendor has issued a fixed version (6.1). Also, a patch for 6.0 is available at:
http://support.veritas.com/docs/285984
The Symantec advisory is available at:
http://securityresponse.symantec.com/avcenter/security/Content/2006.11.28.html
|
Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2006.11.28.html
|
Cause: Boundary error
|
Underlying OS: Linux (Red Hat Enterprise), Linux (SuSE), Windows (Any)
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 28 Nov 2006 20:39:09 -0500
Subject: Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability
|
SYM06-023
http://securityresponse.symantec.com/avcenter/security/Content/2006.11.28.html
CVE-2006-5465