October 2005
Symantec - Remote Code Execution Vulnerability in VERITAS NetBackup (tm) 4.5, 5.0, 5.1, and 6.
ID: 00897
Ref: 837/05
Date: 12 October 2005:16:51:30
Version: 1
Title: Symantec - Remote Code Execution Vulnerability in VERITAS NetBackup (tm) 4.5, 5.0, 5.1, and 6.
Abstract: Symantec have published a technical advisory relating to a vulnerability that affects the bpjava-msvc logon process within VERITAS NetBackup (tm) 4.5, 5.0, 5.1, and 6.0 (including maintenance and feature packs).
Vendors affected: Symantec
Applications affected: Symantec
Title
=====
Symantec - Remote Code Execution Vulnerability in VERITAS NetBackup (tm) 4.5, 5.0, 5.1, and 6.
Detail
======
Symantec have published a technical advisory relating to a vulnerability that
affects the bpjava-msvc logon process within VERITAS NetBackup (tm) 4.5, 5.0, 5.1,
and 6.0 (including maintenance and feature packs).
The following are extracts from the advisory:
"TippingPoint, a division of 3Com, notified Symantec of a format string overflow
vulnerability in the Java authentication service, bpjava-msvc, running on NetBackup
servers and clients. This vulnerability could potentially allow remote attackers
to execute arbitrary code on a targeted system with elevated privileges. The
vulnerability is in the COMMAND_LOGON_TO_MSERVER command. The vulnerable daemon
listens on port 13722 on both NetBackup servers and clients. If a remote attacker
were able to access the service and successfully exploit this vulnerability, they
could potentially execute arbitrary code with the privileges of the bpjava-msvc
daemon, normally root or SYSTEM on the targeted system."
The full advisory can be viewed at the following URL:
http://seer.support.veritas.com/docs/279085.htm