VERITAS NetBackup Java Administration Console format string vulnerability

2005-11-30T00:00:00
ID SAINT:0E24AFF883C1053DA3D7CA344EA9A318
Type saint
Reporter SAINT Corporation
Modified 2005-11-30T00:00:00

Description

Added: 11/30/2005
CVE: CVE-2005-2715
BID: 15079
OSVDB: 19949

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

The **bpjava-msvc** component of the Java Administration Console in Veritas NetBackup 4.5 through 6.0 is affected by a format string vulnerability which could lead to command execution on NetBackup clients or servers.

Resolution

Install the patch.

References

<http://www.kb.cert.org/vuls/id/495556>

Limitations

Exploit works on NetBackup 5.0.

Platforms

Windows