SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#574662

VERITAS NetBackup library buffer overflow vulnerability

Overview

A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

According to Symantec/VERITAS:

    A vulnerability has been confirmed in the NetBackup Volume Manager daemon (vmd). By sending a specially crafted packet to the Volume Manager, a stack overflow occurs. This is caused by improper bounds checking. Exploitation does not require authentication, thereby allowing a remote attacker to take over the system or disrupt the backup capabilities. Further testing and code inspection has revealed that all other NetBackup 5.1 daemons are potentially affected in the same manner. Therefore, any Master Servers, Media Servers, Clients and Console machines at this version level are subject to this vulnerability. However, NetBackup 5.1 database agents are not affected by this issue.


For more information, please refer to Symantec Advisory SYM05-024.

Please note that exploit code for this vulnerability is publicly available.

II. Impact

A remote, unauthenticated attacker may be able to trigger this buffer overflow by sending a vulnerable NetBackup installation a specially crafted packet. Exploitation may allow that attacker to execute arbitrary code with root or SYSTEM privileges.

III. Solution

Apply Patches

Please see the Symantec Updates & Downloads page for patches to correct this vulnerability.

Restrict access

You may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by the NetBackup services. Symantec/VERITAS provided the following table of default ports for NetBackup processes:

Process
Default Port
visd
9284
vmd
13701
acsd
13702
tl8cd
13705
odld
13706
ts8d
13709
tldcd
13711
tl4d
13713
tsdd
13714
tshd
13715
tlmd
13716
tlhcd
13717
lmfcd
13718
rsmd
13719
bprd
13720
bpdbm
13721
bpjava-msvc
13722
bpjobd
13723
vnetd
13724
bpcd
13782
vopied
13783
nbdbd
13784

Restricting access to these ports will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.

Systems Affected

VendorStatusDate NotifiedDate Updated
Symantec, Inc.Vulnerable15-Nov-2005
Veritas Backup-ExecVulnerable15-Nov-2005

References


http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html
http://seer.support.veritas.com/docs/279553.htm
http://seer.support.veritas.com/docs/280097.htm
http://secunia.com/advisories/17503/
http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities

Credit

This issue was reported by Symantec, who credits iDefense Labs with providing information regarding this vulnerability.

This document was written by Jeff Gennari.

Other Information

Date Public:2005-11-08
Date First Published:2005-11-14
Date Last Updated:2006-01-16
CERT Advisory: 
CVE-ID(s):CVE-2005-3116
NVD-ID(s):CVE-2005-3116
US-CERT Technical Alerts: 
Metric:24.81
Document Revision:42

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader