CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
According to Symantec/VERITAS:
_A vulnerability has been confirmed in the NetBackup Volume Manager daemon (vmd). By sending a specially crafted packet to the Volume Manager, a stack overflow occurs. This is caused by improper bounds checking. Exploitation does not require authentication, thereby allowing a remote attacker to take over the system or disrupt the backup capabilities. Further testing and code inspection has revealed that all other NetBackup 5.1 daemons are potentially affected in the same manner. Therefore, any Master Servers, Media Servers, Clients and Console machines at this version level are subject to this vulnerability. However, NetBackup 5.1 database agents are not affected by this issue. _
For more information, please refer to Symantec Advisory SYM05-024.
Please note that exploit code for this vulnerability is publicly available.
A remote, unauthenticated attacker may be able to trigger this buffer overflow by sending a vulnerable NetBackup installation a specially crafted packet. Exploitation may allow that attacker to execute arbitrary code with root or SYSTEM privileges.
Apply Patches
Please see the Symantec Updates & Downloads page for patches to correct this vulnerability.
Restrict access
You may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by the NetBackup services. Symantec/VERITAS provided the following table of default ports for NetBackup processes:
|
Process
|
Default Port
—|—
visd
|
9284
vmd
|
13701
acsd
|
13702
tl8cd
|
13705
odld
|
13706
ts8d
|
13709
tldcd
|
13711
tl4d
|
13713
tsdd
|
13714
tshd
|
13715
tlmd
|
13716
tlhcd
|
13717
lmfcd
|
13718
rsmd
|
13719
bprd
|
13720
bpdbm
|
13721
bpjava-msvc
|
13722
bpjobd
|
13723
vnetd
|
13724
bpcd
|
13782
vopied
|
13783
nbdbd
|
13784
Restricting access to these ports will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network’s configuration and service requirements before deciding what changes are appropriate.
574662
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: November 14, 2005 Updated: November 15, 2005
Affected
According to Symantec/VERITAS, information regarding this vulnerability and its remediation is available at <http://seer.support.veritas.com/docs/279553.htm>.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: November 15, 2005
Affected
According to Symantec/VERITAS, information regarding this vulnerability and its remediation is available at <http://seer.support.veritas.com/docs/279553.htm>.
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was reported by Symantec, who credits iDefense Labs with providing information regarding this vulnerability.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2005-3116 |
---|---|
Severity Metric: | 24.81 Date Public: |