Lucene search

MitreCVE-2006-5822

HistoryDec 14, 2006 - 8:28 p.m.

CVE-2006-5822

2006-12-1420:28:00

mitre

web.nvd.nist.gov

cve-2006-5822

symantec

veritas

netbackup

buffer overflow

bpcd daemon

remote code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.88

Percentile

98.7%

JSON

Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222.

Affected configurations

Nvd

Node

symantecveritas_netbackup_clientMatch5.0

symantecveritas_netbackup_clientMatch5.1

symantecveritas_netbackup_clientMatch6.0

symantecveritas_netbackup_enterprise_serverMatch5.0

symantecveritas_netbackup_enterprise_serverMatch5.1

symantecveritas_netbackup_enterprise_serverMatch6.0

symantecveritas_netbackup_serverMatch5.0

symantecveritas_netbackup_serverMatch5.1

symantecveritas_netbackup_serverMatch6.0

VendorProductVersionCPE
symantecveritas_netbackup_client5.0cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:*
symantecveritas_netbackup_client5.1cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:*
symantecveritas_netbackup_client6.0cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:*
symantecveritas_netbackup_enterprise_server5.0cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:*
symantecveritas_netbackup_enterprise_server5.1cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
symantecveritas_netbackup_enterprise_server6.0cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:*
symantecveritas_netbackup_server5.0cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
symantecveritas_netbackup_server5.1cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
symantecveritas_netbackup_server6.0cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	veritas_netbackup_client	5.0	cpe:2.3:a:symantec:veritas_netbackup_client:5.0:::::::*
symantec	veritas_netbackup_client	5.1	cpe:2.3:a:symantec:veritas_netbackup_client:5.1:::::::*
symantec	veritas_netbackup_client	6.0	cpe:2.3:a:symantec:veritas_netbackup_client:6.0:::::::*
symantec	veritas_netbackup_enterprise_server	5.0	cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:::::::*
symantec	veritas_netbackup_enterprise_server	5.1	cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:::::::*
symantec	veritas_netbackup_enterprise_server	6.0	cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:::::::*
symantec	veritas_netbackup_server	5.0	cpe:2.3:a:symantec:veritas_netbackup_server:5.0:::::::*
symantec	veritas_netbackup_server	5.1	cpe:2.3:a:symantec:veritas_netbackup_server:5.1:::::::*
symantec	veritas_netbackup_server	6.0	cpe:2.3:a:symantec:veritas_netbackup_server:6.0:::::::*

References

secunia.com/advisories/23368

securitytracker.com/id?1017379

www.kb.cert.org/vuls/id/650432

www.securityfocus.com/archive/1/454314/100/0/threaded

www.securityfocus.com/bid/21565

www.symantec.com/avcenter/security/Content/2006.12.13a.html

www.vupen.com/english/advisories/2006/4999

www.zerodayinitiative.com/advisories/ZDI-06-050.html

exchange.xforce.ibmcloud.com/vulnerabilities/30883

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.88

Percentile

98.7%

JSON

Related for CVE-2006-5822