APP: Veritas NetBackup Remote Command Execution
This signature detects attempts to exploit a known vulnerability against Veritas NetBackup, which allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, at the same time an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address. A successful attack can lead to arbitrary code execution.
Extended Description
Veritas NetBackup is reported prone to a privilege escalation vulnerability. This issue may allow remote attackers to gain elevated privileges on a vulnerable computer. An attacker can supply specially crafted commands to the server, which execute with superuser privileges.
Affected Products
Veritas_software netbackup_enterprise_server
Short Name
APP:VERITAS:NETBCKP-CMD-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2004-1389 Command Execution NetBackup Remote Veritas bid:11494
Release Date
11/05/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3398
Port
TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors
Veritas_software
CVSS Score
6.0