CVE-2006-0989 – Symantec VERITAS NetBackup Volume Manager Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-0989
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable Symantec VERITAS NetBackup installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within the volume manager daemon (vmd.exe) due to incorrect bounds checking during a call to sscanf() that copies user-supplied data to a stack-based buffer. The vulnerable daemon listens on TCP port 13701. • http://securityreason.com/securityalert/639 http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html http://securitytracker.com/id?1015832 http://seer.support.veritas.com/docs/281521.htm http://www.kb.cert.org/vuls/id/880801 http://www.osvdb.org/24172 http://www.securityfocus.com/archive/1/428944/100/0/threaded http://www.securityfocus.com/bid/17264 http://www.vupen.com/english/advisories/2006/1124 http://www.zerodayinitiative.com/advisories/ZDI-06-005 •
CVE-2006-0990 – Symantec VERITAS NetBackup Database Manager Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-0990
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable Symantec VERITAS NetBackup installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetBackup Database Manager service (bpdbm.exe) due to insufficient bounds checking during a call to sprintf() that copies user-supplied data to a stack-based buffer. The vulnerable daemon listens on TCP port 13721. • http://secunia.com/advisories/19417 http://securityreason.com/securityalert/642 http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html http://securitytracker.com/id?1015832 http://seer.support.veritas.com/docs/281521.htm http://www.kb.cert.org/vuls/id/744137 http://www.securityfocus.com/archive/1/428988/100/0/threaded http://www.securityfocus.com/archive/1/428992/100/0/threaded http://www.securityfocus.com/bid/17264 http://www.vupen.com/english/advis •
CVE-2004-1389 – Veritas NetBackup - Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1389
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature. • https://www.exploit-db.com/exploits/9941 http://secunia.com/advisories/12901 http://seer.support.veritas.com/docs/271727.htm http://www.ciac.org/ciac/bulletins/p-020.shtml http://www.kb.cert.org/vuls/id/685456 http://www.securityfocus.com/bid/11494 https://exchange.xforce.ibmcloud.com/vulnerabilities/17811 •