Lucene search

SAINT CorporationSAINT:D3E5A2537AC537D4A067C71DE397DEEB

HistoryApr 14, 2006 - 12:00 a.m.

VERITAS NetBackup vnetd bpspsserver buffer overflow

2006-04-1400:00:00

SAINT Corporation

my.saintcorporation.com

166

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.713 High

EPSS

Percentile

98.0%

JSON

Added: 04/14/2006
CVE: CVE-2006-0991
BID: 17264
OSVDB: 24170

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

A buffer overflow in **bpspsserver** allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service message to the **vnetd** service.

Resolution

Apply the update referenced in Symantec Advisory SYM06-006.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1641.html>

Limitations

Exploit works on VERITAS NetBackup 6.0.

Platforms

Windows XP

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.713 High

EPSS

Percentile

98.0%

JSON

Related for SAINT:D3E5A2537AC537D4A067C71DE397DEEB