SHELLCODE: Microsoft Windows CMD.EXE Prompt

This signature detects a Microsoft Windows CMD.EXE banner over TCP. This is generally an indication that the host is compromised and is providing a command prompt to an attacker.

Extended Description

Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.

Affected Products

Symantec_veritas netbackup

References

BugTraq: 15353

CVE: CVE-2005-3116

Short Name: SHELLCODE:WIN:SHELL-PROMPT
Severity: Major
Recommended: False
Recommended Action: Close Server
Category: SHELLCODE
Keywords: CMD.EXE CVE-2005-3116 Microsoft Prompt Windows bid:15353
Release Date: 04/01/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3705
Port: TCP/1024-3127,3129-7999,8001-8079,8081-65535
False Positive: Unknown
Vendors

Symantec_veritas
