Date: Tue, 28 Mar 2006 12:03:33 -0800 (PST)
From: CIAC Mail User <ciac AT rum.llnl DOT gov>
Subject: CIAC BULLETIN Q-156 Veritas NetBackup: Multiple Overflow
Vulnerabilities in NetBackup Daemons
Reply-to: ciac AT ciac DOT org
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________
INFORMATION BULLETIN
Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons
[SYM06-006]
March 28, 2006 18:00 GMT Number Q-156
______________________________________________________________________________
PROBLEM: Veritas NetBackup overflow vulnerabilities in vmd, bpdbm and bpspsserver.
PLATFORM: NetBackup Enterprise Server/NetBackup Server; Server and Clients 6.0, 5.1, 5.0.
NetBackup DataCenter and BusinesServer; Server and Clients; 4.5MP, 4.5FP
DAMAGE: Daemons could let remote users execute arbitrary code.
SOLUTION: Apply current patches
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is HIGH. Daemons could let remote users execute arbitrary code.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-156.shtml
ORIGINAL BULLETIN: http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2006-0989, CVE-2006-0990, CVE-2006-0991
______________________________________________________________________________