SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   Veritas NetBackup
Vendors:   Veritas
Veritas NetBackup Multiple Flaws Let Remote Users Execute Arbitrary Commands, Remote Authenticated Users Deny Service, and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1037950
SecurityTracker URL:  http://securitytracker.com/id/1037950
CVE Reference:   CVE-2017-6407, CVE-2017-6408, CVE-2017-6409   (Links to External Site)
Date:  Mar 3 2017
Impact:   Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Server and Client 8.0 and prior; Appliance 3.0 and prior
Description:   Multiple vulnerabilities were reported in Veritas NetBackup. A remote user can execute arbitrary commands on the target system. A local user can obtain elevated privileges on the target system. A remote authenticated user can cause denial of service conditions.

A local user can execute arbitrary commands on the target server, and a remote user can execute arbitrary commands on a client connected to the target server [CVE-2017-6407]. The commands will run with root privileges on the target system. Server and Client versions prior to 7.7.2 are affected. Appliance versions prior to 2.7.2 are affected.

A local user can execute arbitrary commands on the target system. The commands will run with root privileges on the target system. Server and Client versions prior to 7.7.2 are affected. Appliance versions prior to 2.7.2 are affected.

A remote authenticated user can cause denial of service conditions on the target server.

A local user can execute arbitrary commands on the target server, and a remote user can execute arbitrary commands on a client connected to the target server. Server and Client versions prior to 7.7.2 are affected. Appliance versions prior to 2.7.2 are affected.

A local user can supply a specially crafted whitelist containing '../' directory traversal sequences to execute arbitrary commands on the target system. Server and Client versions prior to 7.7.2 are affected. Appliance versions prior to 2.7.2 are affected.
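The whitelist issue above is the classic pattern of an allowlist that compares raw strings while the consumer resolves '../' segments. The following is an added illustration, not NetBackup code and not the vendor's fix: NetBackup's actual whitelist format is not described on this page, so the entry syntax, the sample entries, and the use of /usr/openv/netbackup/bin (NetBackup's customary UNIX binary directory) as the allowlist root are assumptions. It shows a prefix-only check that accepts a traversal entry beside a canonicalizing check that rejects it.

```python
import posixpath

# Assumed allowlist root for the example: NetBackup's usual UNIX binary directory.
ALLOWED_DIRS = ["/usr/openv/netbackup/bin"]


def weak_is_allowed(entry):
    """Weak form: a raw string-prefix test. '../' segments are never resolved,
    so an entry that starts with an allowed directory passes even when it
    climbs back out of it."""
    return any(entry.startswith(d + "/") for d in ALLOWED_DIRS)


def strict_is_allowed(entry):
    """Hardened form: normalize the path lexically, then require the result
    to lie inside an allowed directory. posixpath (rather than os.path) keeps
    the behaviour identical on any host. normpath does not follow symlinks;
    if the allowed directory may hold attacker-controlled links, resolve
    with os.path.realpath against the live filesystem instead."""
    if not entry.startswith("/"):
        return False                      # relative entries are never accepted
    if "\0" in entry:
        return False                      # an embedded NUL truncates C strings
    canon = posixpath.normpath(entry)
    return any(canon == d or canon.startswith(d + "/") for d in ALLOWED_DIRS)


def validate_whitelist(entries):
    """Split a user-supplied whitelist into accepted and rejected entries."""
    accepted = [e for e in entries if strict_is_allowed(e)]
    rejected = [e for e in entries if not strict_is_allowed(e)]
    return accepted, rejected


# Constructed sample whitelist for the example; not taken from any real configuration.
SAMPLE_WHITELIST = [
    "/usr/openv/netbackup/bin/bpnbat",                 # legitimate
    "/usr/openv/netbackup/bin/./bpnbat",               # legitimate after normalization
    "/usr/openv/netbackup/bin/../../../../bin/sh",     # climbs out to /bin/sh
    "/usr/openv/netbackup/binx/evil",                  # sibling directory sharing the prefix
    "bin/bpnbat",                                      # relative entry
]

if __name__ == "__main__":
    for e in SAMPLE_WHITELIST:
        print(f"{e!r:50} weak={weak_is_allowed(e)!s:5} strict={strict_is_allowed(e)}")
```

The important detail is the trailing "/" in the prefix comparison: without it, "/usr/openv/netbackup/binx/evil" would pass even the canonicalized check.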

On systems where 'bpcd' is used to execute 'bpnbat', a local user can execute arbitrary commands on the target system with root privileges.

A remote user can conduct DNS spoofing.

A local user can exploit a race condition in pbx_exchange to connect to a socket and impersonate a component on the target system. Server and Client versions prior to 7.7 are affected. Appliance versions prior to 2.7 are affected.
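The pbx_exchange issue above is a local client winning a race to a UNIX-domain socket and then claiming to be a trusted component. The added example below is generic Linux socket hygiene, not NetBackup code and not the vendor's fix: the socket name "pbx.sock", the temporary directory, and the uid allowlist are assumptions. It closes the bind-time side of the race by keeping the socket under a mode 0700 directory, and removes the value of winning the connect-time side by having the server ask the kernel (SO_PEERCRED) who the peer really is instead of trusting anything sent in-band. It relies on Linux semantics of SO_PEERCRED.

```python
import os
import socket
import stat
import struct
import tempfile

# Linux constant; present in the socket module on Linux, absent on other platforms.
SO_PEERCRED = getattr(socket, "SO_PEERCRED", 17)


def peer_credentials(conn):
    """Ask the kernel who is on the other end of an AF_UNIX connection.
    Returns (pid, uid, gid) from struct ucred; unlike an identity sent by
    the client as data, this cannot be forged by the connecting process."""
    raw = conn.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)


def accept_component(conn, allowed_uids):
    """Admit a connecting 'component' only if its uid is on the allowlist."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid in allowed_uids


def make_socket_dir():
    """Create the socket's parent directory with mode 0700 so other local
    users can neither pre-create nor replace the socket path."""
    d = tempfile.mkdtemp(prefix="pbx_")
    os.chmod(d, 0o700)
    mode = stat.S_IMODE(os.stat(d).st_mode)
    if mode != 0o700:
        raise RuntimeError(f"unexpected mode {oct(mode)} on {d}")
    return d


def exchange(allowed_uids):
    """One full exchange: server binds, client connects, server decides."""
    sock_dir = make_socket_dir()
    path = os.path.join(sock_dir, "pbx.sock")       # assumed socket name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)
        srv.listen(1)
        cli.connect(path)                           # queued until accept()
        conn, _ = srv.accept()
        try:
            decision = accept_component(conn, allowed_uids)
            conn.sendall(b"OK\n" if decision else b"DENIED\n")
            reply = cli.recv(16)
        finally:
            conn.close()
    finally:
        cli.close()
        srv.close()
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(sock_dir)
    return decision, reply


def demo():
    """Same uid as the server: accepted; uid not on the allowlist: denied."""
    return exchange({0, os.getuid()}), exchange({999999})


if __name__ == "__main__":
    print(demo())
```

The uid returned by SO_PEERCRED is the peer's uid at connect time, so a client cannot change it later by dropping or gaining privileges on its own side.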

The system uses world-writable log files. A local user can modify the files.
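A practitioner checking a host for the world-writable log files noted above wants a repeatable audit rather than a one-off ls. The added example below is not NetBackup code and the directory layout is constructed for the example (the page does not state where NetBackup keeps its logs; the "bpcd" subdirectory name is borrowed from the daemon named above only as a label). It flags regular files writable by others and, as a related check, directories writable by others that lack the sticky bit, then tightens both and re-audits. It assumes POSIX permission semantics.

```python
import os
import shutil
import stat
import tempfile


def is_world_writable(path):
    """Flag regular files others can write, and directories others can write
    that lack the sticky bit (in such a directory any user can rename or
    replace another user's files). lstat is used so symlinks are not followed."""
    st = os.lstat(path)
    if stat.S_ISREG(st.st_mode):
        return bool(st.st_mode & stat.S_IWOTH)
    if stat.S_ISDIR(st.st_mode):
        return bool(st.st_mode & stat.S_IWOTH) and not (st.st_mode & stat.S_ISVTX)
    return False


def audit(root):
    """Return sorted paths under root that is_world_writable flags."""
    hits = []
    for dirpath, dirs, names in os.walk(root):
        for n in dirs + names:
            p = os.path.join(dirpath, n)
            if is_world_writable(p):
                hits.append(p)
    return sorted(hits)


def remediate(paths):
    """Clear write access for others (0640 files, 0750 directories) and
    return the resulting mode bits per path. chmod is not subject to umask."""
    result = {}
    for p in paths:
        mode = 0o750 if os.path.isdir(p) else 0o640
        os.chmod(p, mode)
        result[p] = stat.S_IMODE(os.lstat(p).st_mode)
    return result


def build_sample_tree():
    """Constructed directory tree standing in for a log directory; not real data."""
    root = tempfile.mkdtemp(prefix="nblogs_")
    os.makedirs(os.path.join(root, "bpcd"), mode=0o755)
    os.makedirs(os.path.join(root, "scratch"), mode=0o777)
    os.chmod(os.path.join(root, "scratch"), 0o777)      # makedirs applies umask; chmod does not
    for name, mode in (("bpcd/log.good", 0o640), ("bpcd/log.bad", 0o666)):
        p = os.path.join(root, name)
        with open(p, "w") as f:
            f.write("constructed log line\n")
        os.chmod(p, mode)
    return root


def demo():
    """Audit, fix, re-audit. Returns relative findings before and after, plus new modes."""
    root = build_sample_tree()
    try:
        before = audit(root)
        fixed = remediate(before)
        after = audit(root)
        rel = lambda p: os.path.relpath(p, root)
        return [rel(p) for p in before], [rel(p) for p in after], {rel(p): m for p, m in fixed.items()}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Running the audit without remediation (the `audit` function alone) is the safe default on a production server, since tightening a log file's mode can break a daemon that runs under a different account from the one that created the file.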

The NetBackup Cloud Storage Service uses a hardcoded username and password. A remote user can use the credentials to query and modify the configuration and to delete data.

A remote user can access CORBA interfaces without authentication [CVE-2017-6409].

Sven Blumenstein, Xiaoran Wang, and Andrew Griffiths from the Google Security Team reported these vulnerabilities.

Impact:   A remote user can execute arbitrary commands with root/system privileges on the target system.

A local user can obtain elevated privileges on the target system.

A remote authenticated user can cause denial of service conditions.

Solution:   The vendor has issued a fix for some of the vulnerabilities.

The vendor advisory is available at:

https://www.veritas.com/content/support/en_US/security/VTS17-003.html

Vendor URL:  www.veritas.com/content/support/en_US/security/VTS17-003.html (Links to External Site)
Cause:   Access control error, Input validation error, Not specified, State error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.

Source Message Contents

[Original Message Not Available for Viewing]

Copyright 2017, SecurityGlobal.net LLC