VERITAS NetBackup Remote Code Execution
ZDI-05-001: October 12th, 2005
CVE ID
Affected Vendors
Affected Products
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 3766. For further product information on the TippingPoint IPS:
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability.
This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the 'COMMAND_LOGON_TO_MSERVER' command. The vulnerable daemon listens on TCP port 13722 and affects both NetBackup clients and servers.
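The class of flaw described above, shown as an added example that is not from the advisory and is not NetBackup or Symantec code: peer-supplied text used as a format string, the hardened form that passes it only as an argument, and a pre-check that counts format directives in untrusted input. The function names, log text and sample inputs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical handler names; this is not NetBackup source. */

#ifdef SHOW_VULNERABLE
/* Flawed pattern (compiled only with -DSHOW_VULNERABLE): the peer-supplied
   string is the format itself, so directives inside it are interpreted. */
static int format_logon_unsafe(char *out, size_t n, const char *peer_arg) {
    return snprintf(out, n, peer_arg);
}
#endif

/* Hardened pattern: constant format, peer data is only ever an argument. */
int format_logon_safe(char *out, size_t n, const char *peer_arg) {
    return snprintf(out, n, "logon request: %s", peer_arg);
}

/* Defensive pre-check: count printf conversion directives in untrusted
   input. "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s) {
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }      /* escaped percent */
        size_t j = i + 1;
        /* skip flags, width, precision and length modifiers */
        while (s[j] != '\0' && strchr("-+ #0123456789.*hlLqjzt$", s[j])) j++;
        if (s[j] != '\0' && strchr("diouxXeEfFgGaAcspn", s[j])) {
            count++;
            i = j;
        }
    }
    return count;
}

int main(void) {
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "backupadmin", "100%% done", "%08x.%08x.%n" };
    char line[128];
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        format_logon_safe(line, sizeof line, samples[k]);
        printf("%-30s directives=%d\n", line, count_format_directives(samples[k]));
    }
    return 0;
}
```

With the hardened form the directives in the third sample are copied into the log line as literal text; a non-zero directive count in a field that should hold a name is worth logging or rejecting.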
Vendor Response
Symantec states:
Symantec Engineers have verified this issue and made security updates available for the supported VERITAS NetBackup products. Symantec strongly recommends all customers immediately apply the latest updates for their supported product versions to protect against these types of threats. Please refer to the Symantec advisory for update information:
http://www.symantec.com/avcenter/security/Content/2005.10.12.html
Disclosure Timeline
2005-09-12 - Vulnerability reported to vendor
2005-10-12 - Coordinated public release of advisory
Credit
This vulnerability was discovered by Kevin Finisterre with exploitation assistance from JohnH.
