VERITAS NetBackup vnetd bpspsserver buffer overflow

2006-04-14T00:00:00
ID SAINT:17BBAE3AB75F00DAE72BDE3720D8FFEF
Type saint
Reporter SAINT Corporation
Modified 2006-04-14T00:00:00

Description

Added: 04/14/2006
CVE: CVE-2006-0991
BID: 17264
OSVDB: 24170

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

A buffer overflow in **bpspsserver** allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service message to the **vnetd** service.

Resolution

Apply the update referenced in Symantec Advisory SYM06-006.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1641.html>

Limitations

Exploit works on VERITAS NetBackup 6.0.

Platforms

Windows XP