Vulnerability Note VU#744137
Symantec VERITAS NetBackup Catalog daemon buffer overflow
Overview
The NetBackup Catalog daemon contains a stack-based buffer overflow that could allow a remote attacker to execute arbitrary code on a NetBackup master server.
Description
VERITAS NetBackup Netbackup is a data backup and recovery solution with support for "over the network" backup. |
Impact
By sending a specially crafted packet to a vulnerable Netbackup master a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the NetBackup Catalog daemon, typically root. |
Solution
Apply patches from Symantec/VERITAS |
Restrict access
|
Systems Affected (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Symantec, Inc. | Affected | - | 29 Mar 2006 |
Veritas, Inc. | Affected | - | 29 Mar 2006 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- http://support.veritas.com/docs/281521
- http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html
- http://www.zerodayinitiative.com/advisories/ZDI-06-006.html
- http://secunia.com/advisories/19417/
Credit
This vulnerability was reported by TippingPoint Security Research.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CVE-2006-0990
- Date Public: 27 Mar 2006
- Date First Published: 29 Mar 2006
- Date Last Updated: 29 Mar 2006
- Severity Metric: 22.05
- Document Revision: 29
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.