Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:13B49EF6DD51FDFE7BDB233A189BDB1B
HistoryDec 04, 2005 - 12:00 a.m.

VERITAS NetBackup Volume Manager Daemon buffer overflow

2005-12-0400:00:00
SAINT Corporation
download.saintcorporation.com
12

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.955

Percentile

99.4%

JSON

Added: 12/04/2005
CVE: CVE-2005-3116
BID: 15353
OSVDB: 20674

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

The Volume Manager Daemon (VMD) has an error in its shared library allowing for a buffer overflow. A specially crafted request sent to port 13701/tcp on a NetBackup server or client could result in command execution with root or system privileges.

Resolution

Apply the patch referenced in Symantec advisory 05-024.

References

[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336&amp;type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336&type=vulnerabilities
>)

Limitations

Exploit works on VERITAS NetBackup Server 5.1. Due to small buffer size, the target must be able to connect back to the attack host to retrieve the shell code.

Platforms

Windows

Related

cert 1
exploitdb 1
securityvulns 1
cvelist 1
nessus 1
cve 1
saint 3
kaspersky 1
checkpoint_advisories 2
nvd 1
cert
cert
VERITAS NetBackup library buffer overflow vulnerability
2005-11-14 00:00:00
exploitdb
exploitdb
Veritas NetBackup 4/5 - Volume Manager Daemon Remote Buffer Overflow
2006-01-16 00:00:00
securityvulns
securityvulns
[Full-disclosure] iDEFENSE Security Advisory 11.10.05: Stack Overflow in Veritas Netbackup Enterprise Server
2005-11-11 00:00:00
cvelist
cvelist
CVE-2005-3116
2005-11-18 11:00:00
nessus
nessus
VERITAS NetBackup Volume Manager Daemon Buffer Overflow
2005-11-11 00:00:00
cve
cve
CVE-2005-3116
2005-11-18 11:00:00
saint
saint
VERITAS NetBackup Volume Manager Daemon buffer overflow
2005-12-04 00:00:00
VERITAS NetBackup Volume Manager Daemon buffer overflow
2005-12-04 00:00:00
VERITAS NetBackup Volume Manager Daemon buffer overflow
2005-12-04 00:00:00
kaspersky
kaspersky
KLA10379 ACE vulnerability in Veritas NetBackup Enterprise Server
2005-11-18 00:00:00
checkpoint_advisories
checkpoint_advisories
VERITAS NetBackup vmd Shared Library Buffer Overflow - ver 2 (CVE-2005-3116)
2014-01-20 00:00:00
VERITAS NetBackup vmd Shared Library Buffer Overflow (CVE-2005-3116)
2009-12-01 00:00:00
nvd
nvd
CVE-2005-3116
2005-11-18 06:03:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.955

Percentile

99.4%

JSON
Related for SAINT:13B49EF6DD51FDFE7BDB233A189BDB1B
cert1exploitdb1securityvulns1cvelist1nessus1cve1saint3kaspersky1checkpoint_advisories2nvd1