Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Veritas NetBackup Vendors:   Symantec
Symantec NetBackup Buffer Overflows and Logic Error in bpcd Daemon Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017379
SecurityTracker URL:
CVE Reference:   CVE-2006-4902, CVE-2006-5822, CVE-2006-6222   (Links to External Site)
Date:  Dec 14 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0, 5.1, 6.0
Description:   A vulnerability was reported in Symantec NetBackup. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a buffer overflow in the bpcd daemon and execute arbitrary code on the target system [CVE-2006-5822, CVE-2006-6222]. The code will run with the privileges of the target service.

Long requests and specially crafted CONNECT_OPTIONS commands can trigger this flaw.

The vendor was notified of the buffer overflow vulnerabilities on August 14, 2006.

The bpcd daemon also does not properly process user-supplied system commands. A remote user can append commands to a valid command to potentially execute arbitrary commands with elevated privilege on the targeted system.

Symantec Veritas NetBackup Enterprise Servers and NetBackup Server and client systems are affected. The Storage Migrator for Unix option is also affected.

Symantec credits Sebastian Apelt and TippingPoint with reporting the buffer overflows and Paul Metha of IBM Internet Security System's X-Force Research Team with reporting the logic error.

The original advisories are available at:

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued fixed versions (5.0_MP7, 5.1_MP6, 6.0_MP4), available at:

The Symantec advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error, State error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC