|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 3766. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability.
This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the 'COMMAND_LOGON_TO_MSERVER' command. The vulnerable daemon listens on TCP port 13722 and affects both NetBackup clients and servers.
Symantec Engineers have verified this issue and made security updates available for the supported VERITAS NetBackup products. Symantec strongly recommends all customers immediately apply the latest updates for their supported product versions to protect against these types of threats. Please refer to the Symantec advisory for update information:
|CREDIT||This vulnerability was discovered by Kevin Finisterre with exploitation assistance from JohnH.