Symantec NetBackup users urged to update software

Newly-created patches repair security vulnerabilities that allow remote intruders to execute arbitrary code

Users of Symantec Veritas NetBackup software are being advised to immediately update their systems with newly-created patches that repair several serious security vulnerabilities that could allow remote intruders to gain access to affected systems and execute arbitrary code.

In an announcement Wednesday, California-based Symantec said the software patches are available for Symantec Veritas NetBackup Master versions 6.0, 5.1 and 5.0, Media Servers and clients and for Storage Migrator for Unix versions 6.0, 5.1 and 5.0.

Symantec rated the severity of the vulnerabilities as "high," depending on a user's configuration.

Two of the problems involve buffer overflow vulnerabilities identified in the NetBackup bpcd daemon running on Symantec Veritas NetBackup Enterprise Servers, NetBackup Server and client systems as well as on Storage Migrator for Unix, according to Symantec.

"The overflows occur due to a failure to do proper input validation of incoming data," according to the statement. "A remote attacker who successfully gains network access to an affected system and successfully passes a specifically crafted packet through one of the identified vectors to this vulnerable daemon could potentially execute arbitrary code with elevated privilege on the targeted system."

The field report on the problem was first reported by security researchers at network intrusion prevention system vendor TippingPoint, a division of 3Com.

The other problem repaired by the patches is a programming logic error in how the bpcd daemon handles incoming system commands. That flaw could allow a remote attacker to append commands to a valid command and potentially run arbitrary code with elevated privileges on the targeted system, according to Symantec. That vulnerability was reported by IBM Internet Security Systems.

Symantec said it has received no reports of any of the vulnerabilities being exploited so far.

"If customers have followed recommended installations of the affected products and have configured their systems accordingly, the likelihood of customer impact is dramatically reduced," Vincent Weafer, senior director of Symantec Security Response, said. "Now is an ideal time for our customers to apply the fixes Symantec provided, as there are no known exploits of the vulnerabilities."

The vendor issued a TechAlert on the subject with more information on how to update the software. Additional details are also available at Symantec's Security Response Web site.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Todd R. Weiss

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?