VERITAS NetBackup VMD argument parsing vulnerability

Added: 04/05/2006
CVE: CVE-2006-0989
BID: 17264
OSVDB: 24172

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

Volume Manager Daemon (VMD) is affected by a buffer overflow vulnerability when parsing arguments to various commands. This vulnerability allows remote command execution.

Resolution

Apply the patch referenced in Symantec security bulletin SYM06-006.

References

http://www.kb.cert.org/vuls/id/880801

Limitations

Exploit works on VERITAS NetBackup 5.1.

Platforms

Windows 2000
Windows XP
Windows XP SP2
Windows Server 2003

Back to exploit index