Buffer Overflow Vulnerability in Symantec Veritas NetBackup
CVE-2006-5822

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas Netbackup Server; Veritas Netbackup Enterprise Server; Veritas Netbackup Client
Vendor: CVE Published:; 14 December 2006

Summary

The Veritas NetBackup’s bpcd daemon is susceptible to a stack-based buffer overflow due to insufficient validation of the CONNECT_OPTIONS request. This flaw allows remote attackers to send specially crafted requests, potentially leading to the execution of arbitrary code on the affected system. Users are advised to update to the latest versions of NetBackup to mitigate exposure to this vulnerability.

References

http://www.zerodayinitiative.com/advisories/ZDI-06-050.html

x_refsource_MISC

http://www.securityfocus.com/archive/1/454314/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/23368

third-party-advisoryx_refsource_SECUNIA

EPSS Score

37% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Nov 8, 2006