
Vulnerability Bulletins


Format string bug in VERITAS NetBackup

Vulnerability classification

Property: Value
Confidence level: Official
Impact: Gain access
Difficulty: Beginner
Required attacker level: Remote access without an account to an exotic service

System information

Property: Value
Affected manufacturer: Commercial Software
Affected software:
VERITAS NetBackup 3.4
VERITAS NetBackup DataCenter/BusinesServer 4.5MP
VERITAS NetBackup DataCenter/BusinesServer 4.5FP
VERITAS NetBackup Enterprise/Server/Client 5.0
VERITAS NetBackup Enterprise/Server/Client 5.1
VERITAS NetBackup Enterprise/Server/Client 6.0

Description

A format string bug has been discovered in VERITAS NetBackup servers and agents. The vulnerability lies in the Java user interface, specifically in the bpjava-msvc authentication service.

Exploiting this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the bpjava-msvc daemon (which usually runs as SYSTEM or root).

Solution



Software update

Symantec

VERITAS NetBackup DataCenter and BusinesServer 4.5MP
NB_45_9S1729_M

VERITAS NetBackup DataCenter and BusinesServer 4.5FP
NB_45_9S1443_F

VERITAS NetBackup Enterprise/Server/Client 5.0
NB_50_5S1320_M

VERITAS NetBackup Enterprise/Server/Client 5.1
NB_51_3AS0949_M

VERITAS NetBackup Enterprise/Server/Client 6.0
NB_60_3S0007_M
http://support.veritas.com/docs/279085

Sun
VERITAS NetBackup DataCenter, NetBackup BusinesServer 4.5 Maintenance Pack track / patch 119004-01
VERITAS NetBackup DataCenter, NetBackup BusinesServer 4.5 Feature Pack track / patch 119005-01
http://support.veritas.com/menu_ddProduct_NETBACKUPDC_view_DOWNLOAD.htm
VERITAS NetBackup Enterprise Server, NetBackup Server 5.0 / patch 119006-01
VERITAS NetBackup Enterprise Server, NetBackup Server 5.1 / patch 119007-01
VERITAS NetBackup Enterprise Server, NetBackup Server 6.0 / patch 119008-01
http://support.veritas.com/menu_ddProduct_NBUESVR_view_DOWNLOAD.htm

Standard resources

Property: Value
CVE: CAN-2005-2715
BID

Other resources

Symantec Security Advisory SYM05-018
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.12.html

Veritas Document ID: 279085
http://support.veritas.com/docs/279085.htm

Sun Alert Notification (102054)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102054-1

Version history

Version | Comments | Date
1.0 | Advisory issued | 2005-10-19
2.0 | Public exploit available. | 2005-11-29
2.1 | Advisory issued by Sun (102054) | 2005-12-07
Ministerio de Defensa
CNI
CCN
CCN-CERT