CVE-2005-3116

VERITAS NetBackup Enterprise Server <5.1 MP3A - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3116. PoCs published by Patrick Thomassen.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in Veritas NetBackup's Volume Manager Daemon (tcp/13701). It uses a two-stage shellcode approach due to limited buffer space, first sending a small connect-back shellcode to retrieve a larger payload.

Description

Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Patrick Thomassen · c++remotewindows

https://www.exploit-db.com/exploits/1421

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in Veritas NetBackup's Volume Manager Daemon (tcp/13701). It uses a two-stage shellcode approach due to limited buffer space, first sending a small connect-back shellcode to retrieve a larger payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Veritas NetBackup v4/v5/v6

No auth needed

Prerequisites: Network access to target's tcp/13701 · Target running vulnerable Veritas NetBackup version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Patch vdb-entry x_refsource_osvdb

http://www.osvdb.org/20674

Patch, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/574662

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/422066/100/0/threaded

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15353

Patch third-party-advisory x_refsource_idefense

http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities

Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015170

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17503

Patch x_refsource_confirm

http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/422157/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/22985

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/2349

Patch, Vendor Advisory x_refsource_confirm

http://seer.support.veritas.com/docs/279553.htm

Scores

EPSS 0.5511

EPSS Percentile 98.1%

Details

Status published

Products (9)

symantec_veritas/netbackup 5.0_with_mp1

symantec_veritas/netbackup 5.0_with_mp2

symantec_veritas/netbackup 5.0_with_mp3

symantec_veritas/netbackup 5.0_with_mp4

symantec_veritas/netbackup 5.0_with_mp5

symantec_veritas/netbackup 5.1_with_mp1

symantec_veritas/netbackup 5.1_with_mp2

symantec_veritas/netbackup 5.1_with_mp3a

symantec_veritas/netbackup 5.1_without_mp

Published Nov 18, 2005

Tracked Since Feb 18, 2026