Re: ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow

["ad () heapoverflow com" <ad () heapoverflow com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
it sounds like idefense has been out of course on this one again ,
wonder why , oopps :>

zdi-disclosures () 3com com wrote:
> ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer
> Overflow
> http://www.zerodayinitiative.com/advisories/ZDI-06-005.html March
> 27, 2006
>
> -- CVE ID: CVE-2006-0989
>
> -- Affected Vendor: Symantec VERITAS
>
> -- Affected Products: VERITAS NetBackup v6.0
>
> -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS
> customers have been protected against this vulnerability since
> December 19, 2005 by Digital Vaccine protection filter ID 3976. For
> further product information on the TippingPoint IPS:
>
> http://www.tippingpoint.com
>
> -- Vulnerability Details: This vulnerability allows remote
> attackers to execute arbitrary code on vulnerable Symantec VERITAS
> NetBackup installations. Authentication is not required to exploit
> this vulnerability.
>
> This specific flaw exists within the volume manager daemon
> (vmd.exe) due to incorrect bounds checking during a call to
> sscanf() that copies user-supplied data to a stack-based buffer.
> The vulnerable daemon listens on TCP port 13701.
>
> -- Vendor Response: Symantec engineers have addressed these issues
> in all currently supported versions of NetBackup. Symantec
> engineers did additional reviews and will continue on-going reviews
> of related file functionality to further enhance the overall
> security of Veritas NetBackup products and to eliminate any
> additional potential concerns.
>
> Security updates are available for all supported products. Symantec
>  strongly recommends all customers immediately apply the latest
> cumulative Security Pack updates or Maintenance Pack releases as
> indicated for their supported product versions to protect against
> threats of this nature.
>
> http://support.veritas.com/docs/281521
>
> -- Disclosure Timeline: 2005.12.20 - Vulnerability reported to
> vendor 2005.12.19 - Digital Vaccine released to TippingPoint
> customers 2006.03.24 - Vulnerability information provided to ZDI
> security partners 2006.03.27 - Coordinated public release of
> advisory
>
> -- Credit: This vulnerability was discovered by Sebastian Apelt.
>
> -- About the Zero Day Initiative (ZDI): Established by
> TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI)
> represents a best-of-breed model for rewarding security researchers
> for responsibly disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> http://www.zerodayinitiative.com
>
> The ZDI is unique in how the acquired vulnerability information is
> used. 3Com does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> 3Com provides its customers with zero day protection through its
> intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with
> the altruistic aim of helping to secure a broader user base, 3Com
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection
> or mitigation product.
>
>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
>
>
>
> __________ NOD32 1.1458 (20060324) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (MingW32)
 
iD8DBQFEKE8TFJS99fNfR+YRAhAoAJ4oWAooN6MMD1ggD0rcgNKZ56fnvACfSfTU
3YVD6eyCHm5D/OqC0+MEJjg=
=qDjV
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/