Advisory Details

October 12th, 2005

VERITAS NetBackup Remote Code Execution

ZDI-05-001
ZDI-CAN-001

CVE ID CVE-2005-2715
CVSS SCORE
AFFECTED VENDORS Symantec
AFFECTED PRODUCTS Veritas NetBackup
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 3766. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability.

This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the 'COMMAND_LOGON_TO_MSERVER' command. The vulnerable daemon listens on TCP port 13722 and affects both NetBackup clients and servers.

ADDITIONAL DETAILS

Symantec Engineers have verified this issue and made security updates available for the supported VERITAS NetBackup products. Symantec strongly recommends all customers immediately apply the latest updates for their supported product versions to protect against these types of threats. Please refer to the Symantec advisory for update information:

http://www.symantec.com/avcenter/security/Content/2005.10.12.html


DISCLOSURE TIMELINE
  • 2005-09-12 - Vulnerability reported to vendor
  • 2005-10-12 - Coordinated public release of advisory
CREDIT This vulnerability was discovered by Kevin Finisterre with exploitation assistance from JohnH.
BACK TO ADVISORIES