Veritas-bu

[Veritas-bu] [Security FYI]: CIAC BULLETIN Q-156 Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons

2006-03-30 19:17:08
Subject: [Veritas-bu] [Security FYI]: CIAC BULLETIN Q-156 Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons
From: cjmanders AT lbl DOT gov (Christopher Jay Manders)
Date: Thu, 30 Mar 2006 16:17:08 -0800




Date: Tue, 28 Mar 2006 12:03:33 -0800 (PST)
From: CIAC Mail User <ciac AT rum.llnl DOT gov>
Subject: CIAC BULLETIN Q-156 Veritas NetBackup: Multiple Overflow
 Vulnerabilities in NetBackup Daemons
Reply-to: ciac AT ciac DOT org


             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

   Veritas NetBackup: Multiple Overflow Vulnerabilities in NetBackup Daemons 
                                  [SYM06-006]

March 28, 2006 18:00 GMT                                          Number Q-156
______________________________________________________________________________
PROBLEM:       Veritas NetBackup overflow vulnerabilities in vmd, bpdbm and 
               bpspsserver. 
PLATFORM:      NetBackup Enterprise Server/NetBackup Server; 
               Server and Clients 6.0, 5.1, 5.0. 
               NetBackup DataCenter and BusinesServer; Server and Clients; 
               4.5MP, 4.5FP 
DAMAGE:        Daemons could let remote users execute arbitrary code. 
SOLUTION:      Apply current patches 
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. Daemons could let remote users execute 
ASSESSMENT:    arbitrary code. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-156.shtml 
 ORIGINAL BULLETIN:  http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= 
                     CVE-2006-0989, CVE-2006-0990, CVE-2006-0991 
______________________________________________________________________________
