[Veritas-bu] security alert FYI
2004-05-20 09:54:27
Subject: |
[Veritas-bu] security alert FYI |
From: |
rob AT worman DOT org (Rob Worman) |
Date: |
Thu, 20 May 2004 08:54:27 -0500 |
Veritas has posted acknowledgement/documentation
of this security problem.
http://support.veritas.com/docs/267917
executive summary:
===
-yes, there is a buffer overflow exploit
-this is only possible on systems using the nonroot_admin script,
-on those systems, the only users who can use this exploit are
those in the Unix group that was granted admin permissions via
the nonroot_admin script.
-the nonroot_admin script happens to be on the way out, to be
replaced by the "NetBackup Access Control" feature already
available as part of NBU 5.0 MP1.
-the 8 binaries known to have this overflow vulnerability will
be patched. other binaries may be sueceptible, stay tuned...
better late than never. :-)
HTH
rob
|
|
|