SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Veritas NetBackup Vendors:   Veritas
Veritas NetBackup Appliance Lets Remote Users Execute Arbitrary Commands on the Target System
SecurityTracker Alert ID:  1037555
SecurityTracker URL:  http://securitytracker.com/id/1037555
CVE Reference:   CVE-2016-7399   (Links to External Site)
Date:  Jan 4 2017
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Appliance 2.6.x, 2.7.x
Description:   A vulnerability was reported in Veritas NetBackup Appliance. A remote user can execute arbitrary commands on the target system.

A remote user can exploit an unspecified flaw to execute arbitrary commands with root level privileges and gain full control of the target device.

NetBackup Appliance is affected.

NetBackup is not affected.

OpsCenter is not affected.

Matthew Hall with SEC-1 reported this vulnerability.

Impact:   A remote user can execute arbitrary commands on the target system with root level privileges.
Solution:   The vendor has issued a fix (EEB dated October 4, 2016) [in October 2016].

The vendor advisory is available at:

https://www.veritas.com/content/support/en_US/security/VTS16-002.html

Vendor URL:  www.veritas.com/content/support/en_US/security/VTS16-002.html (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC