December 13, 2006 3:04 PM PST

Symantec plugs trio of NetBackup holes

Symantec on Wednesday released updates for its Veritas NetBackup software to repair a trio of serious security vulnerabilities.

The flaws affect Veritas NetBackup Master, Media Servers and clients, the Cupertino, Calif.-based company said in a security alert. An attacker with access to a vulnerable NetBackup host could gain complete control over the targeted system, it said.

Two of the flaws are buffer overflow problems in the NetBackup bpcd communications daemon running on the NetBackup servers and client systems, Symantec said. It also affects the daemon running on Storage Migrator for Unix, if that option is installed. These issues were reported through TippingPoint's bug bounty program, Symantec said.

The third issue is a programming logic error in how the same bpcd daemon handles incoming system commands. This problem was discovered by IBM's Internet Security Systems.

Symantec found additional potential security problems during a review of the NetBackup code, it said. Those unspecified issues have also been addressed in the updates.

In recommended installations, Veritas NetBackup systems should be configured to restrict access to trusted hosts only and not be exposed to the Internet. This would limit any possible attacks to the insiders, Symantec said.

The software affected are versions 5.0, 5.1 and 6.0 of NetBackup server and client software, plus the Storage Migrator for Unix option. There are no current attacks that take advantage of any of the flaws, Symantec said. The updates are available on the company's Web site.

See more CNET content tagged:
VERITAS NetBackup, VERITAS Software Corp., Symantec Corp., daemon, trio

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.