Lucene search

K
saintSAINT CorporationSAINT:D3E5A2537AC537D4A067C71DE397DEEB
HistoryApr 14, 2006 - 12:00 a.m.

VERITAS NetBackup vnetd bpspsserver buffer overflow

2006-04-1400:00:00
SAINT Corporation
my.saintcorporation.com
166

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.713 High

EPSS

Percentile

98.0%

Added: 04/14/2006
CVE: CVE-2006-0991
BID: 17264
OSVDB: 24170

Background

VERITAS NetBackup is a backup and recovery solution for multiple platforms.

Problem

A buffer overflow in **bpspsserver** allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service message to the **vnetd** service.

Resolution

Apply the update referenced in Symantec Advisory SYM06-006.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1641.html&gt;

Limitations

Exploit works on VERITAS NetBackup 6.0.

Platforms

Windows XP

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.713 High

EPSS

Percentile

98.0%

Related for SAINT:D3E5A2537AC537D4A067C71DE397DEEB