Vulnerability Bulletins |
Aumento de privilegios en Symantec Veritas NetBackup Java Administration GUI |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Aumento de privilegios |
Dificulty | Experto |
Required attacker level | Acceso remoto con cuenta |
System information |
|
Property | Value |
Affected manufacturer | Comercial Software |
Affected software |
Symantec Veritas NetBackup Server < 6.5.2 Symantec Veritas NetBackup Server < 6.0 MP7 Symantec Veritas NetBackup Server < 5.1 MP7 Symantec Veritas NetBackup Enterprise Server < 6.5.2 Symantec Veritas NetBackup Enterprise Server < 6.0 MP7 Symantec Veritas NetBackup Enterprise Server < 5.1 MP7 |
Description |
|
Se ha descubierto una vulnerabilidad en Symantec Veritas NetBackup (Enterprise) Server 6.5, 6.0 y 5.1. La vulnerabilidad reside en un error en la interfaz gráfica de administración jnbSA (Java Administration GUI). Un atacante local podría aumentar sus privilegios y ejecutar comandos arbitrarios mediante métodos no especificados. |
|
Solution |
|
Actualización de software Symantec (SYM08-016) Symantec Veritas NetBackup (Enterprise) Server / patch 5.1 MP7 Symantec Veritas NetBackup (Enterprise) Server / patch 6.0 MP7 Symantec Veritas NetBackup (Enterprise) Server / patch 6.5.2 http://kb.altiris.com/ Sun (239908) VERITAS (Symantec) NetBackup 6.0 / SPARC / patch 122073-04 o patch 119009-11 o posterior VERITAS (Symantec) NetBackup 6.5 / SPARC / patch 127655-02 o posterior VERITAS (Symantec) NetBackup 6.5 / x86 / patch 127656-02 o posterior http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Standar resources |
|
Property | Value |
CVE | |
BID | 31221 |
Other resources |
|
Symantec Security Advisory (SYM08-016) http://securityresponse.symantec.com/avcenter/security/Content/2008.09.24a.html Sun Alert Notification (239908) http://sunsolve.sun.com/search/document.do?assetkey=1-66-239908-1 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2008-09-25 |
1.1 | Aviso emitido por Sun (239908) | 2008-10-01 |