CVSS: 10.0EPSS: 18%CPEs: 9EXPL: 0CVE-2006-5822 – Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5822
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222. Desbordamiento de búfer basado en pila en el demonio NetBackup bpcd (bpcd.exe) en Symantec Veritas NetBackup 5.0 versiones anteriores a 5.0_MP7, 5.1 versiones anteriores a 5.1_MP6, y 6.0 versiones anteriores a 6.0_MP4, permite a atacantes remotos ejecutar código de su elección mediante una petición larga CONNECT_OPTIONS, vulnerabilidad diferente a CVE-2006-6222. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Veritas NetBackup. Authentication is not required to exploit this vulnerability. The specific flaw exists within bpcd.exe during the parsing of overly long CONNECT_OPTIONS requests to a NetBackup Master/Media Server. When the CONNECT_OPTIONS command is parsed, the contents are copied into a stack allocated buffer without proper length checking. • http://secunia.com/advisories/23368 http://securitytracker.com/id?1017379 http://www.kb.cert.org/vuls/id/650432 http://www.securityfocus.com/archive/1/454314/100/0/threaded http://www.securityfocus.com/bid/21565 http://www.symantec.com/avcenter/security/Content/2006.12.13a.html http://www.vupen.com/english/advisories/2006/4999 http://www.zerodayinitiative.com/advisories/ZDI-06-050.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30883 •
CVSS: 10.0EPSS: 89%CPEs: 5EXPL: 4CVE-2005-2715 – VERITAS NetBackup Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-2715
Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command. This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the 'COMMAND_LOGON_TO_MSERVER' command. The vulnerable daemon listens on TCP port 13722 and affects both NetBackup clients and servers. • https://www.exploit-db.com/exploits/1263 https://www.exploit-db.com/exploits/1265 https://www.exploit-db.com/exploits/1264 http://secunia.com/advisories/17181 http://securitytracker.com/id?1015028 http://seer.support.veritas.com/docs/279085.htm http://sunsolve.sun.com/search/document.do?assetkey=1-26-102054-1 http://www.kb.cert.org/vuls/id/495556 http://www.securityfocus.com/bid/15079 http://www.symantec.com/avcenter/security/Content/2005.10.12.html http:// •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-2389
https://notcve.org/view.php?id=CVE-2005-2389
NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. NDMP server en Veritas NetBackup 5.1 permite que atacantes causen una denegación de servicio mediante un mensaje CONFIG con fecha fuera de rango, lo que provoca intento de acceso a puntero nulo. • http://secunia.com/advisories/16187 http://www.hat-squad.com/en/000170.html •