|
|
[UNIX] Veritas NetBackup TIME_STAMP DoS: msg#00065security.securiteam
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source. http://www.securiteam.com/mailinglist.html - - - - - - - - - Veritas NetBackup TIME_STAMP DoS ------------------------------------------------------------------------ SUMMARY " <http://www.veritas.com/> VERITAS NetBackup Server software is a cost-effective heterogeneous backup and recovery solution designed for mid-size organizations, workgroups, and remote offices." VERITAS NetBackup's <http://www.ndmp.org/info/faq.shtml> NDMP Server vulnerable to denial of service via its handling of the TIME_STAMP variable. DETAILS Vulnerable Systems: * NetBackup version 5.1 NetBackup runs a <http://www.ndmp.org/info/faq.shtml> NDMP server that listens on port 10000/TCP. It is possible to cause an access violation by sending a 'CONFIG' message request to the NDMP server with a timestamp in the ndmpheader that is out of range: enum ndmp_message_type { NDMP_REQUEST }; struct ndmp_header { u_long sequence; (local counter that starts at 1 and increases by 1 for every message sent) u_long time_stamp; (in seconds since 00:00:00 GMT, Jan 1, 1970) ndmp_message_type message_type; (request or reply message) ndmp_message message; (tape data config etc) u_long reply_sequence; (number from the request message to which the reply is associated) ndmp_error error; (verbose) }; ADDITIONAL INFORMATION The original article can be found at: <http://www.hat-squad.com/en/000170.html> http://www.hat-squad.com/en/000170.html ======================================== This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx ==================== ==================== DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [NEWS] Oracle Products Multiple Vulnerabilities (TA05-194A): 00065, SecuriTeam |
|---|---|
| Next by Date: | [NT] GoodTech SMTP Server RCPT TO Buffer Overflow: 00065, SecuriTeam |
| Previous by Thread: | [NEWS] Oracle Products Multiple Vulnerabilities (TA05-194A)i: 00065, SecuriTeam |
| Next by Thread: | [NT] GoodTech SMTP Server RCPT TO Buffer Overflow: 00065, SecuriTeam |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |