CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.8%
Added: 02/16/2007
CVE: CVE-2006-4902
BID: 21565
OSVDB: 31334
VERITAS NetBackup is a backup and recovery solution for multiple platforms.
The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the commands to valid commands.
Apply one of the maintenance packs referenced in the Symantec Security Advisory.
<http://www.kb.cert.org/vuls/id/252936>
<http://www.symantec.com/avcenter/security/Content/2006.12.13a.html>
Exploit works on VERITAS NetBackup 5.0 and requires the target host to have the ability to connect back to SAINTexploit on ports 990/TCP and 69/UDP.
In order for the exploit to succeed, the address of the host running SAINTexploit must be present in Unicode format in the following registry key on the target:
> Key: HKEY_LOCAL_MACHINE\SOFTWARE\VERITAS\NetBackup\CurrentVersion\Config
Value: Server
Type: MULTI_SZ
This exploit requires the PERL threads module to be installed on the host running SAINTexploit.
Windows