J-Security Center

Title: Symantec Veritas NetBackup Communication Setup Remote Privilege Escalation Vulnerability

Severity: CRITICAL

Description:

Symantec Veritas NetBackup Server and Enterprise Server are network-enabled backup solutions available for various platforms.

The applications are prone to a remote privilege-escalation vulnerability because they fail to adequately sanitize data during initial communication handshakes with the client via the 'vnetd' daemon.

Remote authorized attackers who have access to the targeted host's local network can exploit this issue to execute arbitrary code with elevated privileges. Successfully exploiting this issue may compromise the affected computer. Failed attempts may result in a denial-of-service; other consequences may also be possible.

Affected Products:

  • Symantec Veritas NetBackup Enterprise Server 5.1
  • Symantec Veritas NetBackup Enterprise Server 5.1 MP7
  • Symantec Veritas NetBackup Enterprise Server 6.0
  • Symantec Veritas NetBackup Enterprise Server 6.0 MP7
  • Symantec Veritas NetBackup Enterprise Server 6.5
  • Symantec Veritas NetBackup Enterprise Server 6.5.2
  • Symantec Veritas NetBackup Server 5.1
  • Symantec Veritas NetBackup Server 5.1 MP7
  • Symantec Veritas NetBackup Server 6.0
  • Symantec Veritas NetBackup Server 6.0 MP7
  • Symantec Veritas NetBackup Server 6.5
  • Symantec Veritas NetBackup Server 6.5.2

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.