VERITAS NetBackup Volume Manager Daemon buffer overflow

2005-12-04T00:00:00
ID SAINT:0E980C31408EDC625012832129166EBE
Type saint
Reporter SAINT Corporation
Modified 2005-12-04T00:00:00

Description

Added: 12/04/2005
CVE: CVE-2005-3116
BID: 15353
OSVDB: 20674

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

The Volume Manager Daemon (VMD) has an error in its shared library allowing for a buffer overflow. A specially crafted request sent to port 13701/tcp on a NetBackup server or client could result in command execution with root or system privileges.

Resolution

Apply the patch referenced in Symantec advisory 05-024.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336&type=vulnerabilities

Limitations

Exploit works on VERITAS NetBackup Server 5.1. Due to small buffer size, the target must be able to connect back to the attack host to retrieve the shell code.

Platforms

Windows