Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiSebastian ApeltZDI-06-006
HistoryMar 27, 2006 - 12:00 a.m.

Symantec VERITAS NetBackup Database Manager Buffer Overflow Vulnerability

2006-03-2700:00:00
Sebastian Apelt
www.zerodayinitiative.com
25

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.2%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Symantec VERITAS NetBackup installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetBackup Database Manager service (bpdbm.exe) due to insufficient bounds checking during a call to sprintf() that copies user-supplied data to a stack-based buffer. The vulnerable daemon listens on TCP port 13721.

Related

securityvulns 1
cvelist 1
prion 1
cert 1
cve 1
securityvulns
securityvulns
ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow
2006-03-28 00:00:00
cvelist
cvelist
CVE-2006-0990
2006-03-28 00:00:00
prion
prion
Stack overflow
2006-03-28 00:06:00
cert
cert
Symantec VERITAS NetBackup Catalog daemon buffer overflow
2006-03-29 00:00:00
cve
cve
CVE-2006-0990
2006-03-28 00:06:00

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.2%

JSON
Related for ZDI-06-006
securityvulns1cvelist1prion1cert1cve1