Overview
A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
According to Symantec/VERITAS: A vulnerability has been confirmed in the NetBackup Volume Manager daemon (vmd). By sending a specially crafted packet to the Volume Manager, a stack overflow occurs. This is caused by improper bounds checking. Exploitation does not require authentication, thereby allowing a remote attacker to take over the system or disrupt the backup capabilities. Further testing and code inspection has revealed that all other NetBackup 5.1 daemons are potentially affected in the same manner. Therefore, any Master Servers, Media Servers, Clients and Console machines at this version level are subject to this vulnerability. However, NetBackup 5.1 database agents are not affected by this issue.
Impact
A remote, unauthenticated attacker may be able to trigger this buffer overflow by sending a vulnerable NetBackup installation a specially crafted packet. Exploitation may allow that attacker to execute arbitrary code with root or SYSTEM privileges.
Solution
Apply Patches
Please see the Symantec Updates & Downloads page for patches to correct this vulnerability.
Restrict access
Restricting access to these ports will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.
Acknowledgements
This issue was reported by Symantec, who credits iDefense Labs with providing information regarding this vulnerability.
This document was written by Jeff Gennari.
Other Information
CVE IDs: CVE-2005-3116
Severity Metric: 24.81
Date Public: 2005-11-08
Date First Published: 2005-11-14
Date Last Updated: 2006-01-16 18:08 UTC
Document Revision: 42