Symantec has urged users of its NetBackup software to immediately install a series of new security patches.
The patches that repair several serious holes that could allow remote intruders to gain access to affected systems and execute arbitrary code, the company has warned. The patches cover Symantec Veritas NetBackup Master versions 6.0, 5.1 and 5.0, Media Servers and clients and for Storage Migrator for Unix versions 6.0, 5.1 and 5.0.
Symantec has rated the severity of the holes "high", adding that they depend on a user's particular configuration.
Two of the problems involve buffer overflow vulnerabilities identified in the NetBackup bpcd daemon running on NetBackup servers, NetBackup Server and client systems as well as on Storage Migrator for Unix.
"The overflows occur due to a failure to do proper input validation of incoming data," said a statement. "A remote attacker who successfully gains network access to an affected system and successfully passes a specifically crafted packet through one of the identified vectors to this vulnerable daemon could potentially execute arbitrary code with elevated privilege on the targeted system."
The field report on the problem was first reported by security researchers at network intrusion prevention system vendor TippingPoint, a division of 3Com.
The other problem repaired by the patches is a programming logic error in how the bpcd daemon handles incoming system commands. That flaw could allow a remote attacker to append commands to a valid command and potentially run arbitrary code with elevated privileges on the targeted system. That vulnerability was reported by IBM Internet Security Systems.
Symantec said it has received no reports of any of the vulnerabilities being exploited so far.