Signature Detail
Short Name |
APP:VERITAS:NETBCKP-CMD-EXEC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Veritas NetBackup Remote Command Execution |
Release Date |
2009/11/05 |
Update Number |
1539 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Veritas NetBackup Remote Command Execution
This signature detects attempts to exploit a known vulnerability against Veritas NetBackup, which allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, at the same time an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address. A successful attack can lead to arbitrary code execution.
Extended Description
Veritas NetBackup is reported prone to a privilege escalation vulnerability. This issue may allow remote attackers to gain elevated privileges on a vulnerable computer. An attacker can supply specially crafted commands to the server, which execute with superuser privileges.
Affected Products
- Veritas Software NetBackup BusinesServer 3.4.0
- Veritas Software NetBackup BusinesServer 3.4.1
- Veritas Software NetBackup BusinesServer 4.5.0
- Veritas Software NetBackup DataCenter 3.4.0
- Veritas Software NetBackup DataCenter 3.4.1
- Veritas Software NetBackup DataCenter 4.5.0
- Veritas Software NetBackup Enterprise Server 5.1.0
- Veritas Software NetBackup Server 5.0.0
- Veritas Software NetBackup Server 5.1.0
References
- BugTraq: 11494
- CVE: CVE-2004-1389
- URL: http://seer.support.veritas.com/docs/271727.htm