9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.93 High
EPSS
Percentile
99.0%
The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Symantec VERITAS NetBackup
Symantec VERITAS NetBackup is a client/server based backup software solution.
NetBackup Volume Manager daemon
The Symantec VERITAS NetBackup Volume Manager is a service used by NetBackup that finds volumes that are needed for backup or restore operations. The Volume Manager daemon (vmd
) listens on 13701/tcp
by default.
The problem
The Symantec VERITAS NetBackup Volume Manager daemon contains a stack-based buffer overflow.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Install an update
Symantec has provided updates for the vulnerable software in Security Advisory SYM06-006.
Restrict access
Symantec has provided several workarounds for this vulnerability in Security Advisory SYM06-006, including restricting access to the vulnerable systems.
880801
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: March 29, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Symantec Security Advisory SYM06-006.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23880801 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Symantec, who in turn credit TippingPoint with reporting the vulnerability.
This document was written by Will Dormann.
CVE IDs: | CVE-2006-0989 |
---|---|
Severity Metric: | 34.63 Date Public: |