{"vuid":"VU#574662","idnumber":"574662","name":"VERITAS NetBackup library buffer overflow vulnerability","keywords":["VERITAS NetBackup","buffer overflow","volume manager daemon","vmd"],"overview":"A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"According to Symantec/VERITAS: A vulnerability has been confirmed in the NetBackup Volume Manager daemon (vmd). By sending a specially crafted packet to the Volume Manager, a stack overflow occurs. This is caused by improper bounds checking. Exploitation does not require authentication, thereby allowing a remote attacker to take over the system or disrupt the backup capabilities. Further testing and code inspection has revealed that all other NetBackup 5.1 daemons are potentially affected in the same manner. Therefore, any Master Servers, Media Servers, Clients and Console machines at this version level are subject to this vulnerability. However, NetBackup 5.1 database agents are not affected by this issue. For more information, please refer to Symantec Advisory SYM05-024. Please note that exploit code for this vulnerability is publicly available.","impact":"A remote, unauthenticated attacker may be able to trigger this buffer overflow by sending a vulnerable NetBackup installation a specially crafted packet. Exploitation may allow that attacker to execute arbitrary code with root or SYSTEM privileges.","resolution":"Apply Patches \nPlease see the Symantec Updates & Downloads page for patches to correct this vulnerability.","workarounds":"Restrict access You may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by the NetBackup services. Symantec/VERITAS provided the following table of default ports for NetBackup processes: Process\nDefault Port \nvisd\n9284\nvmd\n13701\nacsd\n13702\ntl8cd\n13705\nodld\n13706\nts8d\n13709\ntldcd\n13711\ntl4d\n13713\ntsdd\n13714\ntshd\n13715\ntlmd\n13716\ntlhcd\n13717\nlmfcd\n13718\nrsmd\n13719\nbprd\n13720\nbpdbm\n13721\nbpjava-msvc\n13722\nbpjobd\n13723\nvnetd\n13724\nbpcd\n13782\nvopied\n13783\nnbdbd\n13784 Restricting access to these ports will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.","sysaffected":"","thanks":"This issue was reported by Symantec, who credits \niDefense Labs\n with providing information regarding this vulnerability.","author":"This document was written by Jeff Gennari.","public":["http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html"," http://seer.support.veritas.com/docs/279553.htm","http://seer.support.veritas.com/docs/280097.htm","http://secunia.com/advisories/17503/","http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities"],"cveids":["CVE-2005-3116"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-11-09T21:10:11Z","publicdate":"2005-11-08T00:00:00Z","datefirstpublished":"2005-11-14T21:12:40Z","dateupdated":"2006-01-16T18:08:33Z","revision":42,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"6","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"24.80625","cam_scorecurrentwidelyknown":"30.7125","cam_scorecurrentwidelyknownexploited":"54.3375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":24.80625,"vulnote":null}