CVSS: 10.0EPSS: 87%CPEs: 88EXPL: 0CVE-2009-3027 – Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3027
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300. El archivo VRTSweb.exe en VRTSweb en Backup Exec Continuous Protection Server de Symantec (CPS) versiones 11d, 12.0 y 12.5; Veritas NetBackup Operations Manager (NOM) versiones 6.0 GA hasta 6.5.5; Veritas Backup Reporter (VBR) versiones 6.0 GA hasta 6.6; Veritas Storage Foundation (SF) versión 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) versiones 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1 y 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) versión 3.5; Veritas Storage Foundation for Oracle (SFO) versiones 4.1, 5.0 y 5.0.1; Veritas Storage Foundation for DB2 versiones 4.1 y 5.0; Veritas Storage Foundation for Sybase versiones 4.1 y 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Manager (SFM) versiones 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win y 2.0; Veritas Cluster Server (VCS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Cluster Server One (VCSOne) versiones 2.0, 2.0.1 y 2.0.2; Veritas Application Director (VAD) versiones 1.1 y 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) versiones 5.1, 5.5 y 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) versión 5.0; Veritas Command Central Storage (CCS) versiones 4.x, 5.0 y 5.1; Veritas Command Central Enterprise Reporter (CC-ER) versiones 5.0 GA, 5.0 MP1, 5.0 MP1RP1 y 5.1; Veritas Command Central Storage Change Manager (CC-SCM) versiones 5.0 y 5.1; y Veritas MicroMeasure versión 5.0, no comprueba apropiadamente las peticiones de autenticación, que permite a los atacantes remotos desencadenar el desempaquetado de un archivo WAR y ejecutar código arbitrario en los archivos contenidos, por medio de datos diseñados al puerto TCP 14300. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VRTSweb.exe Web Server component which listens by default on TCP ports 8181, 8443, and 14300. The process fails to properly validate an authentication request made to port 14300. • http://marc.info/?l=bugtraq&m=126046186917330&w=2 http://secunia.com/advisories/37631 http://secunia.com/advisories/37637 http://secunia.com/advisories/37685 http://securitytracker.com/id?1023309 http://securitytracker.com/id?1023312 http://seer.entsupport.symantec.com/docs/336988.htm http://seer.entsupport.symantec.com/docs/337279.htm http://seer.entsupport.symantec.com/docs/337293.htm http://seer.entsupport.symantec.com/docs/337392.htm http://seer.entsupport.symantec.com/docs&# • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2009-0651
https://notcve.org/view.php?id=CVE-2009-0651
Unspecified vulnerability in the Veritas network daemon (aka vnetd) in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup." Vulnerabilidad sin especificar en el demonido de red Veritas (tambien conocido como vnetd) en Symantec Veritas NetBackup Server / Enterprise Server v5.x, v6.0 anterior a MP7 SP1, y v6.5 anterior a v6.5.3.1 lo que permite a atacantes remotos ejecutar codigo a su elecciona traves de vectores desconocidos relacionados con el "ajuste incial de comunicaciones". • http://osvdb.org/52269 http://secunia.com/advisories/33953 http://securityresponse.symantec.com/avcenter/security/Content/2009.02.17.html http://seer.entsupport.symantec.com/docs/317828.htm http://sunsolve.sun.com/search/document.do?assetkey=1-66-253287-1 http://www.securityfocus.com/bid/33772 http://www.securitytracker.com/id?1021734 http://www.vupen.com/english/advisories/2009/0461 http://www.vupen.com/english/advisories/2009/1097 https://exchange.xforce.ibmcloud.com/vulnerabili • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 88%CPEs: 9EXPL: 0CVE-2006-4902
https://notcve.org/view.php?id=CVE-2006-4902
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands. El demonio NetBackup bpcd (bpcd.exe) en Symantec Veritas NetBackup 5.0 versiones anteriores a 5.0_MP7, 5.1 versiones anteriores a 5.1_MP6, y 6.0 versiones anteriores a 6.0_MP4, no comprueba apropiadamente comandos encadenados, que permite a atacantes remotos ejecutar código de su elección añadiendo comandos maliciosos en comandos validos. • http://secunia.com/advisories/23368 http://securitytracker.com/id?1017379 http://www.iss.net/threats/247.html http://www.kb.cert.org/vuls/id/252936 http://www.securityfocus.com/bid/21565 http://www.symantec.com/avcenter/security/Content/2006.12.13a.html http://www.vupen.com/english/advisories/2006/4999 https://exchange.xforce.ibmcloud.com/vulnerabilities/27638 •
CVSS: 10.0EPSS: 88%CPEs: 9EXPL: 0CVE-2006-6222 – Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6222
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix. Desbordamiento de búfer basado en pila en el demonio NetBackup bpcd (bpcd.exe) en Symantec Veritas NetBackup 5.0 versiones anteriores a 5.0_MP7, 5.1 versiones anteriores a 5.1_MP6, y 6.0 versiones anteriores a 6.0_MP4, permite a atacantes remotos ejecutar código de su elección mediante una petición larga con una longitud de prefijo malformada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Veritas NetBackup. Authentication is not required to exploit this vulnerability. The specific flaw exists within bpcd.exe during the parsing of overly long requests to a NetBackup Master/Media Server. Communications to this process are prefixed with a length, which, if malformed can result in a stack based buffer overflow. • http://secunia.com/advisories/23368 http://securityreason.com/securityalert/2033 http://securitytracker.com/id?1017379 http://www.kb.cert.org/vuls/id/607312 http://www.securityfocus.com/archive/1/454313/100/0/threaded http://www.securityfocus.com/bid/21565 http://www.symantec.com/avcenter/security/Content/2006.12.13a.html http://www.vupen.com/english/advisories/2006/4999 http://www.zerodayinitiative.com/advisories/ZDI-06-049.html https://exchange.xforce.ibmcloud.com/vulnerabilitie •
CVSS: 10.0EPSS: 18%CPEs: 9EXPL: 0CVE-2006-5822 – Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5822
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222. Desbordamiento de búfer basado en pila en el demonio NetBackup bpcd (bpcd.exe) en Symantec Veritas NetBackup 5.0 versiones anteriores a 5.0_MP7, 5.1 versiones anteriores a 5.1_MP6, y 6.0 versiones anteriores a 6.0_MP4, permite a atacantes remotos ejecutar código de su elección mediante una petición larga CONNECT_OPTIONS, vulnerabilidad diferente a CVE-2006-6222. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Veritas NetBackup. Authentication is not required to exploit this vulnerability. The specific flaw exists within bpcd.exe during the parsing of overly long CONNECT_OPTIONS requests to a NetBackup Master/Media Server. When the CONNECT_OPTIONS command is parsed, the contents are copied into a stack allocated buffer without proper length checking. • http://secunia.com/advisories/23368 http://securitytracker.com/id?1017379 http://www.kb.cert.org/vuls/id/650432 http://www.securityfocus.com/archive/1/454314/100/0/threaded http://www.securityfocus.com/bid/21565 http://www.symantec.com/avcenter/security/Content/2006.12.13a.html http://www.vupen.com/english/advisories/2006/4999 http://www.zerodayinitiative.com/advisories/ZDI-06-050.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30883 •