In an Wednesday, Cupertino, Calif.-based Symantec Corp. said the software patches are available for Symantec Veritas NetBackup Master versions 6.0, 5.1 and 5.0, Media Servers and clients and for Storage Migrator for Unix versions 6.0, 5.1 and 5.0.
Symantec rated the severity of the vulnerabilities as "high," depending on a user's configuration.
Two of the problems involve buffer overflow vulnerabilities identified in the NetBackup bpcd daemon running on Symantec Veritas NetBackup Enterprise Servers, NetBackup Server and client systems as well as on Storage Migrator for Unix, according to Symantec.
"The overflows occur due to a failure to do proper input validation of incoming data," according to the statement. "A remote attacker who successfully gains network access to an affected system and successfully passes a specifically crafted packet through one of the identified vectors to this vulnerable daemon could potentially execute arbitrary code with elevated privilege on the targeted system."
The field report on the problem was first reported by security researchers at network intrusion prevention system vendor TippingPoint, a division of 3Com Corp.