TITLE:
Symantec Veritas Netbackup Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA23368

VERIFY ADVISORY:
http://secunia.com/advisories/23368/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

SOFTWARE:
VERITAS Netbackup Advanced Client 6.x
http://secunia.com/product/8967/
VERITAS NetBackup Advanced Client 5.x
http://secunia.com/product/7901/
VERITAS NetBackup Server 6.x
http://secunia.com/product/5851/
VERITAS NetBackup Server 5.x
http://secunia.com/product/4122/
VERITAS NetBackup Enterprise Server 6.x
http://secunia.com/product/5850/
VERITAS NetBackup Enterprise Server 5.x
http://secunia.com/product/4121/

DESCRIPTION:
Some vulnerabilities have been reported in Symantec Veritas
Netbackup, which can be exploited by malicious people to compromise a
vulnerable system.

1) A logic error in the main Netbackup service (bpcd.exe) can be
exploited via command chaining to make the service execute arbitrary
commands.

2) A boundary error in the main Netbackup service (bpcd.exe) when
parsing long requests can be exploited to cause a stack-based buffer
overflow by passing an overly long request with a malformed length
field to the service.

3) A boundary error in the main Netbackup service (bpcd.exe) when
parsing CONNECT_OPTIONS requests can be exploited to cause a
stack-based buffer overflow via an overly long request.

SOLUTION:
Apply patches.
http://seer.support.veritas.com/docs/285082.htm

PROVIDED AND/OR DISCOVERED BY:
1) IBM Internet Security Systems X-Force
2,3) Sebastian Apelt

ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2006.12.13a.html
http://seer.support.veritas.com/docs/285082.htm

IBM Internet Security Systems:
http://www.iss.net/threats/247.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-06-049.html
http://www.zerodayinitiative.com/advisories/ZDI-06-050.html
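
ADDED EXAMPLE:
Items 2 and 3 in the description belong to the class of bug where a request is copied into a fixed-size stack buffer on the strength of an untrusted length. The C below is an added illustration, not code from Secunia, Symantec or bpcd, showing the two checks a parser needs before the copy. The wire format (2-byte big-endian length followed by the payload), REQ_MAX and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REQ_MAX 256   /* capacity of the fixed-size destination buffer (assumed) */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_TOO_LONG, PARSE_LEN_MISMATCH };

/*
 * Hypothetical wire format, constructed for this example (not bpcd's):
 *   2-byte big-endian length N, followed by exactly N payload bytes.
 * On success the payload is copied into out and NUL-terminated.
 */
enum parse_status parse_request(const uint8_t *msg, size_t msg_len,
                                char *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < 2)
        return PARSE_TRUNCATED;               /* header itself is incomplete */

    size_t declared  = ((size_t)msg[0] << 8) | msg[1];
    size_t available = msg_len - 2;

    /* Check 1: the declared length must fit the destination, with room for NUL. */
    if (out_cap == 0 || declared > out_cap - 1)
        return PARSE_TOO_LONG;

    /* Check 2: the length field must agree with the bytes actually received,
     * so a malformed field can cause neither an over-read nor a short copy. */
    if (declared != available)
        return PARSE_LEN_MISMATCH;

    memcpy(out, msg + 2, declared);
    out[declared] = '\0';
    *out_len = declared;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample: header claims 0xFFFF bytes, one byte follows. */
    const uint8_t malformed[] = { 0xFF, 0xFF, 'a' };
    char buf[REQ_MAX];
    size_t n = 0;
    return parse_request(malformed, sizeof malformed, buf, sizeof buf, &n)
               == PARSE_TOO_LONG ? 0 : 1;
}
```

Rejecting the request outright, rather than truncating it to fit, keeps a malformed length field from ever reaching the copy.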