Design/Logic Flaw

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...

CVE-2024-28222

CVE-2024-28222 affects Veritas NetBackup prior to 8.1.2 and NetBackup Appliance prior to 3.1.2. The BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. Impact is impactful: high confidentiality, integrity, and availability r...

CVE-2023-28758

An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files...

CVE-2023-28758

Veritas NetBackup pre-8.3.0.2 is affected by CVE-2023-28758. The BPCD component allows an unprivileged user to specify a log file path when running a NetBackup command, enabling overwriting of existing NetBackup log files. This is a local impact with potential log tampering. Remediation: upgrade ...

CVE-2017-6401

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat...

CVE-2017-6401

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat...

CVE-2015-6550

bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted...

CVE-2015-6550

CVE-2015-6550 affects Veritas NetBackup: the bpcd service in NetBackup 7.x (including 7.5.0.7, 7.6.x, and 7.7.x before 7.7.2) and NetBackup Appliance up to 2.7.x is exploitable via crafted input to trigger remote command execution. Affected versions include 7.5.0.7, 7.6.0.x–7.6.0.4, 7.6.1.x–7.6.1...

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

Symantec Veritas NetBackup bpcd daemon fails to properly validate commands

Overview Symantec Veritas NetBackup is vulnerable to command chaining, which may allow a remote, authenticated attacker to execute arbitrary commands on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon fails t...

CVE-2006-5822

Stack-based buffer overflow in the NetBackup bpcd daemon bpcd.exe in Symantec Veritas NetBackup 5.0 before 5.0MP7, 5.1 before 5.1MP6, and 6.0 before 6.0MP4 allows remote attackers to execute arbitrary code via a long CONNECTOPTIONS request, a different issue than CVE-2006-6222...

CVE-2006-4902

The NetBackup bpcd daemon bpcd.exe in Symantec Veritas NetBackup 5.0 before 5.0MP7, 5.1 before 5.1MP6, and 6.0 before 6.0MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands...

CVE-2006-6222

Stack-based buffer overflow in the NetBackup bpcd daemon bpcd.exe in Symantec Veritas NetBackup 5.0 before 5.0MP7, 5.1 before 5.1MP6, and 6.0 before 6.0MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix...

CVE-2006-4902

CVE-2006-4902 affects the NetBackup bpcd daemon (bpcd.exe) on Windows, where the daemon fails to properly validate chained commands, enabling a remote attacker to append malicious commands to valid ones and execute arbitrary code. Affected versions include NetBackup 5.0 up to 5.0_MP7, 5.1 up to 5...

CVE-2006-6222

Symantec Veritas NetBackup is affected by a stack-based buffer overflow in the bpcd daemon (bpcd.exe) caused by parsing of overly long requests with a malformed length prefix. The vulnerability affects NetBackup 5.0 before MP7, 5.1 before MP6, and 6.0 before MP4. An unauthenticated remote attacke...

CVE-2006-5822

CVE-2006-5822 affects Symantec Veritas NetBackup bpcd daemon (bpcd.exe). The vulnerability is a boundary/buffer overflow in handling overly long CONNECT_OPTIONS requests to NetBackup Master/Media Servers (bpcd listens on 13782/tcp). Exploitation can allow remote code execution with the privileges...

Veritas NetBackup BPCD守护程序多个远程安全漏洞

Veritas NetBackup是大型的数据备份应用系统。 Veritas NetBackup的bpcd.exe在解析提交给NetBackup Master/Media Server的超长请求时存在栈溢出漏洞，如果发送给这个进程的通讯前缀为畸形长度的话，就会触发这个溢出，导致执行任意指令。 bpcd.exe在解析提交给NetBackup Master/Media Server的超长CONNECTOPTIONS请求时存在另一个栈溢出。在解析过程中，未经长度检查便执行了拷贝操作，导致执行任意指令。...