Symantec says it has fixed vulnerabilities in its NetBackup storage software identified by TippingPoint.

A brace of good ol' buffer overflow problems hit the backup program, meaning "A remote attacker who successfully gains access to the targeted system can append commands to a valid command and potentially leverage this issue to run arbitary commands with elevated privilege on the targeted system."

Symantec says there are no known exploitations so far. Maintenance updates are now available to patch the holes. In a statement, the firm said: "Symantec takes the security of our products and our customers very seriously." You'd hope.

"Symantec engineers have verified and corrected these issues in all currently supported versions of NetBackup," the firm added.

An internal review recently identified other security quibbles in NetBackup, which Symantec was working on fixing when the two new ones were Tipping-Pointed out.

The fixes are available here. ®

Related stories

• Symantec releases new NetBackup (14 August 2007)
• Symantec reaches endpoint with $830m Altiris (29 January 2007)
• Symantec plans $200m worth of cuts (25 January 2007)
• Worms own Symantec users (17 January 2007)
• Symantec sues counterfeit ring for $15m+ (13 December 2006)
• Symantec auditions for services residency (13 December 2006)
• Updated Symantec customers stranded by renewals glitch (4 December 2006)
• Symantec rejigs Veritas line-up (10 May 2006)
• Symantec to cleanse remote offices of tape demons (6 April 2006)