VERITAS NetBackup VMD argument parsing vulnerability

2006-04-05T00:00:00
ID SAINT:C00B1FE3D164E09889471003893BECD0
Type saint
Reporter SAINT Corporation
Modified 2006-04-05T00:00:00

Description

Added: 04/05/2006
CVE: CVE-2006-0989
BID: 17264
OSVDB: 24172

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

Volume Manager Daemon (VMD) is affected by a buffer overflow vulnerability when parsing arguments to various commands. This vulnerability allows remote command execution.

Resolution

Apply the patch referenced in Symantec security bulletin SYM06-006.

References

<http://www.kb.cert.org/vuls/id/880801>

Limitations

Exploit works on VERITAS NetBackup 5.1.

Platforms

Windows 2000
Windows XP
Windows XP SP2
Windows Server 2003