Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2006 > AusCERT Update: AU-2006.0004 - Proof of concept code released for VERITAS NetBackup 5.x

January 2006

AusCERT Update: AU-2006.0004 - Proof of concept code released for VERITAS NetBackup 5.x

ID: 00054
Ref: 53/2006
Date: 17 January 2006:13:28:15
Version: 1
Title: AusCERT Update: AU-2006.0004 - Proof of concept code released for VERITAS NetBackup 5.x
Abstract:
Vendors affected: AusCERT
Operating systems affected: AusCERT
Applications affected: AusCERT
Title
=====

AusCERT Update: AU-2006.0004 - Proof of concept code released for VERITAS
NetBackup 5.x

Detail
======

AusCERT has become aware of the public release of Proof of Concept (PoC)
code for the Veritas Volume Manager Daemon, which runs on Veritas NetBackup
5.x servers and clients. Successful exploitation of this vulnerability
results in the execution of code as the user running the NetBackup software.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2006.0004 - [Win][UNIX/Linux]
Proof of concept code released for VERITAS NetBackup 5.x
17 January 2006

AusCERT Update Summary
----------------------

Product: NetBackup Enterprise Server Server/Client 5.0, 5.1
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2005-3116

Ref: ESB-2005.0903

AusCERT has become aware of the public release of Proof of Concept (PoC)
code for the Veritas Volume Manager Daemon, which runs on Veritas NetBackup
5.x servers and clients. Successful exploitation of this vulnerability
results in the execution of code as the user running the NetBackup software.

More information regarding the vulnerability can be found on the iDEFENSE
web site:

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336

Additional information, including patch availability is available from the
Veritas web site:

http://seer.support.veritas.com/docs/279553.htm

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.


iQCVAwUBQ8ylMSh9+71yA2DNAQJQ1AP/WCkHx83DMPrSCxUBPmaevs753zsgWanf
q6qKOejmO5vchbtdMTk2VGYt2Haoc35iTZu5R45lKt9bxvTpi66qk0piYQ1O9VNr
Xj00vcIzSfodyi2/jYDPExK96z5gGfxJX2nqygc8EXM1xKKuTQvELHNK2ffm0e1/
kNkCa2+B/uU=
=UqyE
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |