Vulnerability Note VU#880801

Symantec VERITAS NetBackup Volume Manager daemon buffer overflow

Original Release date: 29 Mar 2006 | Last revised: 12 Jan 2007

Overview

The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Symantec VERITAS NetBackup

Symantec VERITAS NetBackup is a client/server based backup software solution.

NetBackup Volume Manager daemon

The Symantec VERITAS NetBackup Volume Manager is a service used by NetBackup that finds volumes that are needed for backup or restore operations. The Volume Manager daemon (vmd) listens on 13701/tcp by default.

The problem

The Symantec VERITAS NetBackup Volume Manager daemon contains a stack-based buffer overflow.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

Solution

Install an update
Symantec has provided updates for the vulnerable software in Security Advisory SYM06-006.


Restrict access

Symantec has provided several workarounds for this vulnerability in Security Advisory SYM06-006, including restricting access to the vulnerable systems.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Symantec, Inc.Affected-29 Mar 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by Symantec, who in turn credit TippingPoint with reporting the vulnerability.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2006-0989
  • Date Public: 27 Mar 2006
  • Date First Published: 29 Mar 2006
  • Date Last Updated: 12 Jan 2007
  • Severity Metric: 34.63
  • Document Revision: 8

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.