SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Veritas NetBackup Vendors:   Symantec
Symantec Veritas NetBackup vnetd Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021734
SecurityTracker URL:  http://securitytracker.com/id/1021734
CVE Reference:   CVE-2009-0651   (Links to External Site)
Updated:  Feb 26 2009
Original Entry Date:  Feb 18 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.x
Description:   A vulnerability was reported in Symantec Veritas NetBackup. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user with access to the target system's local network can insert arbitrary code during the administrative login exchange between the Veritas network daemon (vnetd) and the client. Arbitrary code can be executed on the target system with administrative privileges.

National Australia Bank's Security Assurance team reported this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   The vendor has issued the following fix.

Symantec Veritas NetBackup Enterprise Server/clients: 6.0 MP7 S01

Symantec Veritas NetBackup Server/clients: 6.5.3.1

The vendor's advisory is available at:

http://securityresponse.symantec.com/avcenter/security/Content/2009.02.17.html

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2009.02.17.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 20 2009 (Sun Issues Fix) Symantec Veritas NetBackup vnetd Lets Remote Authenticated Users Execute Arbitrary Code
Sun has issued a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC