CERT VU:574662
History: Nov 14, 2005 - 12:00 a.m.

VERITAS NetBackup library buffer overflow vulnerability

2005-11-14 00:00:00
www.kb.cert.org

CVSS2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.955 (Percentile: 99.4%)

Overview

A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

According to Symantec/VERITAS:

_A vulnerability has been confirmed in the NetBackup Volume Manager daemon (vmd). By sending a specially crafted packet to the Volume Manager, a stack overflow occurs. This is caused by improper bounds checking. Exploitation does not require authentication, thereby allowing a remote attacker to take over the system or disrupt the backup capabilities. Further testing and code inspection has revealed that all other NetBackup 5.1 daemons are potentially affected in the same manner. Therefore, any Master Servers, Media Servers, Clients and Console machines at this version level are subject to this vulnerability. However, NetBackup 5.1 database agents are not affected by this issue._

For more information, please refer to Symantec Advisory SYM05-024.

Please note that exploit code for this vulnerability is publicly available.


Impact

A remote, unauthenticated attacker may be able to trigger this buffer overflow by sending a vulnerable NetBackup installation a specially crafted packet. Exploitation may allow that attacker to execute arbitrary code with root or SYSTEM privileges.


Solution

Apply Patches

Please see the Symantec Updates & Downloads page for patches to correct this vulnerability.


Restrict access

You may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by the NetBackup services. Symantec/VERITAS provided the following table of default ports for NetBackup processes:

| Process | Default Port |
|---|---|
| visd | 9284 |
| vmd | 13701 |
| acsd | 13702 |
| tl8cd | 13705 |
| odld | 13706 |
| ts8d | 13709 |
| tldcd | 13711 |
| tl4d | 13713 |
| tsdd | 13714 |
| tshd | 13715 |
| tlmd | 13716 |
| tlhcd | 13717 |
| lmfcd | 13718 |
| rsmd | 13719 |
| bprd | 13720 |
| bpdbm | 13721 |
| bpjava-msvc | 13722 |
| bpjobd | 13723 |
| vnetd | 13724 |
| bpcd | 13782 |
| vopied | 13783 |
| nbdbd | 13784 |

Restricting access to these ports will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network’s configuration and service requirements before deciding what changes are appropriate.
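
To see which of the default ports listed above a host actually exposes before deciding on firewall changes, the following added example (not part of the CERT or Symantec advisory) parses Linux `ss -ltn` output and reports NetBackup daemons bound to non-loopback addresses. The use of `ss`, the function name `exposed_listeners` and the sample output are assumptions made for illustration.

```python
import ipaddress

# Default NetBackup ports, copied from the Symantec/VERITAS table in this advisory.
NETBACKUP_PORTS = {
    9284: "visd", 13701: "vmd", 13702: "acsd", 13705: "tl8cd", 13706: "odld",
    13709: "ts8d", 13711: "tldcd", 13713: "tl4d", 13714: "tsdd", 13715: "tshd",
    13716: "tlmd", 13717: "tlhcd", 13718: "lmfcd", 13719: "rsmd", 13720: "bprd",
    13721: "bpdbm", 13722: "bpjava-msvc", 13723: "bpjobd", 13724: "vnetd",
    13782: "bpcd", 13783: "vopied", 13784: "nbdbd",
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:13701       0.0.0.0:*
LISTEN  0       128     127.0.0.1:13721     0.0.0.0:*
LISTEN  0       128     [::]:13782          [::]:*
LISTEN  0       128     192.0.2.10:13724    0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
"""

def exposed_listeners(ss_output):
    """Return sorted (port, daemon, bind_addr) for NetBackup ports not bound to loopback."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank line, or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        if not port.isdigit() or int(port) not in NETBACKUP_PORTS:
            continue
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # '*' or unparsable address: treat as reachable
        if not loopback:
            findings.add((int(port), NETBACKUP_PORTS[int(port)], addr))
    return sorted(findings)

if __name__ == "__main__":
    for port, daemon, addr in exposed_listeners(SAMPLE_SS):
        print(f"{daemon} ({port}/tcp) listens on {addr}: restrict with a host firewall")
```

Sites that have moved NetBackup off the default ports need to adjust `NETBACKUP_PORTS` to match their configuration.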

Vendor Information


Symantec, Inc. (Affected)

Notified: November 14, 2005 Updated: November 15, 2005

Status

Affected

Vendor Statement

According to Symantec/VERITAS, information regarding this vulnerability and its remediation is available at <http://seer.support.veritas.com/docs/279553.htm>.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Veritas Backup-Exec (Affected)

Updated: November 15, 2005

Status

Affected

Vendor Statement

According to Symantec/VERITAS, information regarding this vulnerability and its remediation is available at <http://seer.support.veritas.com/docs/279553.htm>.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Acknowledgements

This issue was reported by Symantec, who credits iDefense Labs with providing information regarding this vulnerability.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2005-3116
Severity Metric: 24.81 Date Public:
