Intrusion Prevention

Veritas.NetBackup.Volume.Manager.Daemon.Buffer.Overflow

Description

This indicates an attack attempt against a stack-based buffer-overflow vulnerability in VERITAS NetBackup Enterprise Server.
The vulnerability is caused by insufficient checks in a shared library used by the Volume Manager daemon when the vulnerable software handles certain packets. It allows a remote attacker to execute arbitrary code via a malicious packet.

Affected Products

Veritas Software NetBackup:
Server 5.1
Server 5.0
Enterprise Server 5.1
Enterprise Server 5.0
Client 5.1
Client 5.0

Impact

System compromise: Remote code execution.

Recommended Actions

Apply the appropriate patch released by the vendor:
http://www.symantec.com/business/support/downloads.jsp?pid=15143

CVE References

CVE-2005-3116

Other References

1