Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Veritas Exploit on the web InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Veritas Exploit on the web

Published: 2006-01-16
Last Updated: 2006-01-16 23:43:34 UTC
by Tony Carothers (Version: 1)
0 comment(s)

FrSIRT has notified the ISC that a new exploit has been released utilizing the Stack Overflow vulnerability in Veritas Netbackup Enterprise Server.  As a reminder, a specifically crafted packet, sent to the Volume Manager via port 13701, will cause a stack overflow, allowing the attacker to run code of her/his choosing.  Authentication by the attacker is not needed to take advantage of this vulnerability.  

The vulnerability that this exploit takes advantage of is ~60 days old.  The downside of this exploit is that, in one pass, an attacker would have the ability to create a disaster, and then destroy a company's ability to recover from said disaster.

The security packs that address this vulnerability, Symantec Advisory #SYM05-024, can be found here. 

Thanx again to FrSIRT for providing the update.

Keywords:
0 comment(s)
Diary Archives