Veritas-bu

[Veritas-bu] security alert FYI

2004-05-20 09:54:27
Subject: [Veritas-bu] security alert FYI
From: rob AT worman DOT org (Rob Worman)
Date: Thu, 20 May 2004 08:54:27 -0500
Veritas has posted acknowledgement/documentation
of this security problem.

http://support.veritas.com/docs/267917

executive summary:
===
-yes, there is a buffer overflow exploit

-this is only possible on systems using the nonroot_admin script,

-on those systems, the only users who can use this exploit are
those in the Unix group that was granted admin permissions via
the nonroot_admin script.

-the nonroot_admin script happens to be on the way out, to be
replaced by the "NetBackup Access Control" feature already
available as part of NBU 5.0 MP1.

-the 8 binaries known to have this overflow vulnerability will
be patched.  other binaries may be sueceptible, stay tuned...

better late than never.  :-)
HTH
rob