Symantec Patches NetBackup PHP Vulnerability

patched a vulnerability in the version of PHP

The buffer overflow flaw stems from Symantec's use of older versions of PHP, an open-source scripting language, in its Symantec Veritas NetBackup 6.0 PureDisk Remote Office Edition software. Although the management interface for NetBackup Puredisk is protected by SSL encryption, an attacker could leverage the PHP vulnerability to execute arbitrary code on servers running in administrative mode, according to Symantec.

However, the potential impact of the flaw is limited by the fact that NetBackup Puredisk runs in non-administrative mode by default, Symantec said.

Security firm Secunia rated the vulnerability as "highly critical," or 4 on a 5-point scale, and the French Security Incident Response Team (FrSIRT) deemed the flaw as "critical," or 4 on a 4-point scale.

In an advisory issued earlier this month, Symantec assigned the PHP vulnerability a threat rating of 8.9 on a 10-point scale and noted that the issue has been fixed in PHP version 5.2.

Symantec advised users to apply the patch or upgrade to NetBackup 6.1 PureDisk Remote Office Edition.