Lucene search
HistoryDec 14, 2006 - 8:28 p.m.
CVE-2006-4902
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.6
Confidence
Low
EPSS
0.886
Percentile
98.8%
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
Affected configurations
Node
symantecveritas_netbackup_clientMatch5.0
ORsymantecveritas_netbackup_clientMatch5.1
ORsymantecveritas_netbackup_clientMatch6.0
ORsymantecveritas_netbackup_enterprise_serverMatch5.0
ORsymantecveritas_netbackup_enterprise_serverMatch5.1
ORsymantecveritas_netbackup_enterprise_serverMatch6.0
ORsymantecveritas_netbackup_serverMatch5.0
ORsymantecveritas_netbackup_serverMatch5.1
ORsymantecveritas_netbackup_serverMatch6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| symantec | veritas_netbackup_client | 5.0 | cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_client | 5.1 | cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_client | 6.0 | cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_enterprise_server | 5.0 | cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_enterprise_server | 5.1 | cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_enterprise_server | 6.0 | cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_server | 5.0 | cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_server | 5.1 | cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:* |
| symantec | veritas_netbackup_server | 6.0 | cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:* |
References
Related
saint
saint
VERITAS NetBackup bpcd daemon command chaining vulnerability
2007-02-16 00:00:00
VERITAS NetBackup bpcd daemon command chaining vulnerability
2007-02-16 00:00:00
VERITAS NetBackup bpcd daemon command chaining vulnerability
2007-02-16 00:00:00
cert
cert
Symantec Veritas NetBackup bpcd daemon fails to properly validate commands
2006-12-15 00:00:00
cvelist
cvelist
CVE-2006-4902
2006-12-14 20:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Veritas NetBackup bpcd.exe Command Chaining (CVE-2006-4902)
2007-03-30 00:00:00
cve
cve
CVE-2006-4902
2006-12-14 20:28:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.6
Confidence
Low
EPSS
0.886
Percentile
98.8%
Related for NVD:CVE-2006-4902