CVE-2017-6408
https://notcve.org/view.php?id=CVE-2017-6408
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir una condición de carrera de escalada de privilegios locales en pbx_exchange cuando un usuario local se conecta a un socket antes de que se aseguren los permisos. • http://www.securityfocus.com/bid/96491 http://www.securitytracker.com/id/1037950 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-6409
https://notcve.org/view.php?id=CVE-2017-6409
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Interfaces CORBA no autenticadas permiten acceso inapropiado. • http://www.securityfocus.com/bid/96504 http://www.securitytracker.com/id/1037950 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11 • CWE-306: Missing Authentication for Critical Function •
CVE-2017-6405
https://notcve.org/view.php?id=CVE-2017-6405
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. La seguridad basada en nombre de host está abierta a la suplantación de DNS. • http://www.securityfocus.com/bid/96488 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7 • CWE-290: Authentication Bypass by Spoofing •
CVE-2017-6399
https://notcve.org/view.php?id=CVE-2017-6399
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado). • http://www.securityfocus.com/bid/96490 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4 •
CVE-2017-6404
https://notcve.org/view.php?id=CVE-2017-6404
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7 y NetBackup Appliance en versiones anteriores a 2.7. Existen archivos de registro de escritura universal, permitiendo la destrucción o suplantación de datos de registro. • http://www.securityfocus.com/bid/96494 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9 • CWE-276: Incorrect Default Permissions •