>
> *************************
> Widely Deployed Software
> *************************
>
> (1) HIGH: Symantec Veritas NetBackup Multiple Buffer Overflows
> Affected:
> Both server and client software is affected for the following products
> on all platforms.
> NetBackup Enterprise Server/NetBackup Server versions 5.0,
> 5.1 and 6.0
> NetBackup DataCenter and BusinesServer version 4.5FP and 4.5MP
>
> Description: Veritas NetBackup software offers a backup and recovery
> solution for mid to large size enterprises. The backup server, as well
> as, client contains stack-based buffer overflows that can be triggered
> by sending specially crafted requests to the volume manager daemon
> (13701/tcp), the Catalog daemon (13721/tcp) or the Sharepoint services
> daemon (13724/tcp). The problem arises because user-supplied input is
> copied to the process stack without any bounds checking. The buffer
> overflows can be easily exploited to execute arbitrary code. The
> technical details required to craft an exploit have been publicly
> posted. If the backup software is installed on a large number of
> enterprise desktop systems (a typical configuration that enables users
> to back up their important data), the vulnerabilities can be leveraged
> to compromise a large number of systems.
>
> Status: Veritas has released patches for all the affected software. A
> workaround is to block ports 13701/tcp, 13721/tcp and 13724/tcp at the
> network perimeter. The overflows in the backup software have
> been widely
> exploited during last year, and as a general security practice it is
> recommended to also block the other ports used by this software at the
> network perimeter. The list of ports is available here:
>
>
> Council Site Actions: More than half of the council sites are
> using the
> affected software. Most of these sites plan to deploy the patches
> during their next regularly scheduled system maintenance. One site
> commented that they just finished migrating to Legato and used this
> vulnerability as an excuse to turn the old system off. They had been
> running the old system. "just in case", off. Another site
> said that as
> a result of this vulnerability, they built a test server that same day
> in preparation for a full version upgrade of Veritas.
>
> References:
> Veritas Advisory
>
> ZDI Advisories
>
>
> Securiteam Advisory
>
> Product Homepages and Information
>
> otection/nbu_6_tech_overview_wp_060105.pdf
>
>
> SecurityFocus BIDs
>
>
> **************************************************************
>
> 06.13.1 CVE: Not Available
> Platform: Windows
> Title: Windows Help Image Processing Heap Overflow
> Description: winhlp32.exe is the Microsoft Windows Help File viewer.
> It is vulnerable to a heap overflow issue when handling a specially
> crafted Windows Help (.hlp) file containing a malicious image. See the
> advisory for a list of vulnerable Windows operating systems.
> Ref:
>
> ______________________________________________________________________
>
> 06.13.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Office XP Array Index Denial of Service
> Description: Microsoft Office is prone to a denial of service
> condition when handling malformed files. Specifically, when .xls or
> .xlw files containing a malformed array index is opened using Excel,
> Word, or PowerPoint, an exception will be thrown by the "mso.dll"
> library. Office XP is vulnerable to this issue; other versions may
> also be affected.
> Ref:
> ______________________________________________________________________
>
> 06.13.4 CVE: CVE-2005-0922, CVE-2005-0923
> Platform: Third Party Windows Apps
> Title: Symantec Norton Antivirus Remote Denial of Service
> Description: Symantec Norton Antivirus is vulnerable to a remote
> unspecified denial of service issue when handling a malicious file
> with the Auto-Protect module. See the reference for a list of
> vulnerable versions.
> Ref:
> ______________________________________________________________________
>
> 06.13.20 CVE: CVE-2006-0052
> Platform: Cross Platform
> Title: GNU Mailman Attachment Scrubber Malformed MIME Message Denial
> of Service
> Description: GNU Mailman is prone to denial of service attacks. This
> issue affects the attachment scrubber utility. The issue is caused by
> improper exception handling in the "Scrubber.py" script. The specific
> issue is caused when the script handles an email that includes a
> single malformed multipart MIME-encoded part. GNU Mailman version 2.5
> when used in conjunction with Python email is vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.13.21 CVE: CVE-2006-1059
> Platform: Cross Platform
> Title: Samba Machine Trust Account Local Information Disclosure
> Description: Samba is susceptible to a local information disclosure
> vulnerability. This issue is due to a design error that potentially
> leads to sensitive information being written to log files. This occurs
> when the debugging level has been set to 5 or higher. Samba versions
> 3.0.21 through to 3.0.21c that use the "winbindd" daemon are
> susceptible to this issue.
> Ref:
> ______________________________________________________________________
