VERITAS NetBackup Remote Code Execution

ID ZDI-05-001
Type zdi
Reporter This vulnerability was discovered by Kevin Finisterre with exploitation assistance from JohnH.
Modified 2005-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability.

This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the 'COMMAND_LOGON_TO_MSERVER' command. The vulnerable daemon listens on TCP port 13722 and affects both NetBackup clients and servers.