Menu
Critical software update for Symantec NetBackup users

Critical software update for Symantec NetBackup users

Users of Symantec Veritas NetBackup software are being advised to immediately update their systems with newly-created patches that repair several serious security vulnerabilities that could allow remote intruders to gain access to affected systems and execute arbitrary code.

In an announcement Cupertino, California.-based Symantec says the software patches are available for Symantec Veritas NetBackup Master versions 6.0, 5.1 and 5.0, Media Servers and clients and for Storage Migrator for Unix versions 6.0, 5.1 and 5.0.

Symantec rated the severity of the vulnerabilities as "high," depending on a user's configuration.

Two of the problems involve buffer overflow vulnerabilities identified in the NetBackup bpcd daemon running on Symantec Veritas NetBackup Enterprise Servers, NetBackup Server and client systems as well as on Storage Migrator for Unix, according to Symantec.

"The overflows occur due to a failure to do proper input validation of incoming data," according to the statement. "A remote attacker who successfully gains network access to an affected system and successfully passes a specifically crafted packet through one of the identified vectors to this vulnerable daemon could potentially execute arbitrary code with elevated privilege on the targeted system."

The field report on the problem was first reported by security researchers at network intrusion prevention system vendor TippingPoint, a division of 3Com.

The other problem repaired by the patches is a programming logic error in how the bpcd daemon handles incoming system commands. That flaw could allow a remote attacker to append commands to a valid command and potentially run arbitrary code with elevated privileges on the targeted system, according to Symantec. That vulnerability was reported by IBM Internet Security Systems.

The vendor issued a TechAlert on the subject with more information on how to update the software. Additional details are also available at Symantec's Security Response web site.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags unixsymantec3ComVeritas NetBackup. IBM

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments