FrSIRT has notified the ISC that a new exploit has been released utilizing the Stack Overflow vulnerability in Veritas Netbackup Enterprise Server. As a reminder, a specifically crafted packet, sent to the Volume Manager via port 13701, will cause a stack overflow, allowing the attacker to run code of her/his choosing. Authentication by the attacker is not needed to take advantage of this vulnerability.
The vulnerability that this exploit takes advantage of is ~60 days old. The downside of this exploit is that, in one pass, an attacker would have the ability to create a disaster, and then destroy a company's ability to recover from said disaster.
Thanx again to FrSIRT for providing the update.
Jan 16th 2006
1 decade ago