Details
iDefense Labs notified Symantec of a buffer overflow vulnerability in VERITAS NetBackup that could potentially allow a remote attacker to cause a denial of service or to execute arbitrary code. The vulnerability was initially found in the NetBackup vmd, but further analysis revealed that the problem occurs in a shared library used by vmd, possibly impacting other daemons that use the same shared library. The buffer overflow condition is due to improper bounds checking of user input. If a remote attacker were able to gain access to the affected library through one of the daemons and successfully exploit this vulnerability, they could potentially disrupt backup capabilities or possibly execute arbitrary code with elevated privileges on the targeted system.
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CAN-2005-3116 to this issue.
This issue is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.