===================================================================== CERT-Renater Note d'Information No. 2005/VULN627 _____________________________________________________________________ DATE : 13/12/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running VERITAS NetBackup. ====================================================================== - ---------------------------------------------------------------------------------- UNIRAS (UK Govt CERT) Briefing Notice - 837/05 dated 12.10.05 Time: 16:25 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre) - ---------------------------------------------------------------------------------- UNIRAS material is also available from its website at www.uniras.gov.uk and Information about NISCC is available from www.niscc.gov.uk - ---------------------------------------------------------------------------------- Title ===== Symantec - Remote Code Execution Vulnerability in VERITAS NetBackup (tm) 4.5, 5.0, 5.1, and 6. Detail ====== Symantec have published a technical advisory relating to a vulnerability that affects the bpjava-msvc logon process within VERITAS NetBackup (tm) 4.5, 5.0, 5.1, and 6.0 (including maintenance and feature packs). The following are extracts from the advisory: " TippingPoint, a division of 3Com, notified Symantec of a format string overflow vulnerability in the Java authentication service, bpjava-msvc, running on NetBackup servers and clients. This vulnerability could potentially allow remote attackers to execute arbitrary code on a targeted system with elevated privileges. The vulnerability is in the COMMAND_LOGON_TO_MSERVER command. The vulnerable daemon listens on port 13722 on both NetBackup servers and clients. If a remote attacker were able to access the service and successfully exploit this vulnerability, they could potentially execute arbitrary code with the privileges of the bpjava-msvc daemon, normally root or SYSTEM on the targeted system. " The full advisory can be viewed at the following URL: http://seer.support.veritas.com/docs/279085.htm - ---------------------------------------------------------------------------------- UNIRAS wishes to acknowledge the contributions of Symantec for the information contained in this Briefing. - ---------------------------------------------------------------------------------- This Briefing contains the information released by the original author. Some of the information may have changed since it was released. If the vulnerability affects you, it may be prudent to retrieve the advisory from the canonical site to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. Neither UNIRAS or NISCC shall also accept responsibility for any errors or omissions contained within this briefing notice. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this notice. UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large. - ----------------------------------------------------------------------------------- ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================