----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
https://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Symantec Veritas NetBackup "vnetd" Server Data Processing
Vulnerability

SECUNIA ADVISORY ID:
SA33953

VERIFY ADVISORY:
https://secunia.com/advisories/33953/

DESCRIPTION:
A vulnerability has been reported in Symantec Veritas NetBackup,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to an error in the administrative
login process through the Veritas network daemon (vnetd). This can be
exploited to e.g. cause a memory corruption by injecting malformed
server data.

Successful exploitation allows execution of arbitrary code, but may
require e.g. a MitM (Man-in-the-Middle) attack.

The vulnerability is reported in the following products and
versions:
* Symantec Veritas NetBackup Server / Enterprise Server 5.x
* Symantec Veritas NetBackup Server / Enterprise Server 6.0 through
6.0 MP7
* Symantec Veritas NetBackup Server / Enterprise Server 6.5 through
6.5.3

SOLUTION:
Apply patches.

Symantec Veritas NetBackup Server / Enterprise Server 5.x:
5.x versions are no longer supported. Upgrade to a 6.x version and
apply patch.

Symantec Veritas NetBackup Server / Enterprise Server 6.0:
Apply NetBackup 6.0 Maintenance Pack 7 Security Patch 1 (6.0 MP7
S01).

Symantec Veritas NetBackup Server / Enterprise Server 6.5.x:
Apply NetBackup 6.5 Release Update 3 Hotfix 1 (6.5.3.1).

PROVIDED AND/OR DISCOVERED BY:
The vendor credits the Security Assurance team of National Australia
Bank.

ORIGINAL ADVISORY:
SYM08-016:
https://securityresponse.symantec.com/avcenter/security/Content/2009.02.17.html

SYM09-002:
https://seer.entsupport.symantec.com/docs/317828.htm

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
https://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
https://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------