The company confirmed the vulnerability and issued patches

Dec 14, 2006 11:45 GMT

Symantec Veritas NetBackup is a solution meant to protect users' computers by offering a single console for backup and restore operations. Administrators can control the entire application directly from the desktop data center, and Symantec Veritas NetBackup is compatible with Windows, Linux and NetWare environments.

Today, a new vulnerability that allows an attacker to execute arbitrary code and take control of a vulnerable computer was identified, and Symantec confirmed the flaw. The company has already issued a patch to fix the vulnerability, saying that the solution should always be configured to be restricted to trusted-host access.

Symantec confirmed multiple vulnerabilities in its Veritas NetBackup Master, Media Servers and clients that can allow an attacker who successfully exploits them to execute malicious code.

"The overflows occur due to a failure to do proper input validation of incoming data. A remote attacker who successfully gains network access to an affected system and successfully passes a specifically crafted packet through one of the identified vectors to this vulnerable daemon could potentially execute arbitrary code with elevated privilege on the targeted system.

NetBackup fails to properly check the logic on incoming commands. A remote attacker who successfully gains access to the targeted system can append commands to a valid command and potentially leverage this issue to run arbitrary commands with elevated privilege on the targeted system," Symantec said.

Although Secunia rated the flaw as "moderately critical" and Symantec said the vulnerability has "high" severity, the company has already issued a patch to fix the security flaws. If you think you are vulnerable to attacks, you should visit this site and check whether your version is affected by the flaw.