SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   Veritas NetBackup Vendors:   Symantec, Veritas
Veritas NetBackup Buffer Overflows in vmd, bpdbm, and bpspsserver Daemons Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015832
SecurityTracker URL:  http://securitytracker.com/id/1015832
CVE Reference:   CVE-2006-0989, CVE-2006-0990, CVE-2006-0991   (Links to External Site)
Date:  Mar 27 2006
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0
Description:   Several vulnerabilities were reported in Veritas NetBackup. A remote user can execute arbitrary code on the target system.

The volume manager (vmd) daemon, the NetBackup Catalog (bpdbm) daemon, and the NetBackup Sharepoint Services server (bpspsserver) daemon are affected. Both client and server implementations are vulnerable.

A remote user can supply specially crafted data to the volume manager daemon on TCP port 13701 to trigger a stack overflow [CVE-2006-0989]. All platforms are affected.

A remote user can supply specially crafted data to the NetBackup Database Manager service on TCP port 13721 to trigger a stack overflow buffer [CVE-2006-0990]. All platforms are affected.

A remote user can supply specially crafted data to NetBackup Sharepoint Services server on TCP port 13724 to trigger either of two buffer overflows, one of which is a stack overflow [CVE-2006-0991]. Only the Windows-based platforms are affected by this bpspsserver vulnerability.

Sebastian Apelt discovered the first two vulnerabilities and TippingPoint Security Research discovered the third vulnerability.

Symantec credits 3Com with reporting this vulnerabilities.

The vendor was notified of these three vulnerabilities on December 20, 2005, January 24, 2005, and January 23, 2005, respectively.

The original advisories are available at:

http://www.zerodayinitiative.com/advisories/ZDI-06-005.html
http://www.zerodayinitiative.com/advisories/ZDI-06-006.html

Impact:   A remote user can execute arbitrary code on the target system, potentially with elevated privileges.
Solution:   Symantec has issued the following fixes.

For 6.0:

6.0_MP2
http://support.veritas.com/docs/281521

For 5.1:

5.1_MP4_S01, 5.1_MP5
http://support.veritas.com/docs/281521

For 5.0:

5.0_MP6_S01, 5.0_MP7
http://support.veritas.com/docs/281521

For 4.5FP:

4.5_FP9-S2
http://support.veritas.com/docs/281521

For 4.5MP:

4.5_MP9_S2
http://support.veritas.com/docs/281521

The vendor's advisory is available at:

http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC