Symantec NetBackup BPCD Daemon Multiple Remote Vulnerabilities
BID:21565
Info
| Bugtraq ID: | 21565 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-6222, CVE-2006-5822, CVE-2006-4902 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 13 2006 12:00AM |
| Updated: | Dec 15 2006 07:48PM |
| Credit: | Symantec credits the buffer overflow issue to Sebastian Apelt (TippingPoint - Zero Day Initiative) and the privilege-escalation issue to Paul Metha (X-force Research Team) |
| Vulnerable: | Veritas Software NetBackup Server 6.0; Veritas Software NetBackup Server 5.1; Veritas Software NetBackup Server 5.0; Veritas Software NetBackup Enterprise Server 6.0; Veritas Software NetBackup Enterprise Server 5.1; Veritas Software NetBackup Enterprise Server 5.0; Veritas Software NetBackup Client 6.0; Veritas Software NetBackup Client 5.1; Veritas Software NetBackup Client 5.0 |
| Not Vulnerable: | |
Discussion
NetBackup is prone to multiple vulnerabilities, including two buffer-overflow issues and a privilege-escalation issue.
A remote attacker may exploit these issues to execute arbitrary commands with elevated privileges or to execute arbitrary code on a vulnerable computer to gain unauthorized access in the context of the vulnerable application.
These vulnerabilities affect all builds and platforms of NetBackup Enterprise Server, NetBackup Server, and their clients, versions 5.0, 5.1, and 6.0.
Exploit / POC
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Symantec has released an advisory with fixes to address this issue. Please see the references for more information.
Veritas Software NetBackup Client 5.0
Veritas Software NetBackup Server 5.0
Veritas Software NetBackup Enterprise Server 5.0
Veritas Software NetBackup Client 5.1
Veritas Software NetBackup Enterprise Server 5.1
Veritas Software NetBackup Enterprise Server 6.0
Veritas Software NetBackup Server 6.0
Veritas Software NetBackup Client 5.0
- Symantec NB_ADC_50_7_M_286253.tar
  Veritas NetBackup (tm) Advanced Client on Solaris and HP-UX platforms.
  http://support.veritas.com/docs/286253
- Veritas NB_DB2_50_7_M_286256.hp11.00.tar
  http://support.veritas.com/docs/286256
- Veritas NB_DB2_50_7_M_286257.linux2.4.tar
  Veritas NetBackup (tm) for DB2 Database Agent on Linux platforms.
  http://support.veritas.com/docs/286257
- Veritas NB_DB2_50_7_M_286258.rs6000_433.tar
  Veritas NetBackup (tm) for DB2 Database Agent on AIX 4.3.3.10 platforms.
  http://support.veritas.com/docs/286258
- Veritas NB_DB2_50_7_M_286259.rs6000_51.tar
  Veritas NetBackup (tm) for DB2 Database Agent on AIX 5.x platforms.
  http://support.veritas.com/docs/286259
- Veritas NB_DB2_50_7_M_286260.solaris7.tar
  Veritas NetBackup (tm) for DB2 Database Agent on Solaris platforms.
  http://support.veritas.com/docs/286260
- Veritas NB_SMU_50_7_M_286298.hp_11.tar
  Veritas Storage Migrator (tm) for HP-UX.
  http://support.veritas.com/docs/286296
- Veritas NB_SMU_50_7_M_286298.hp_11.tar
  Veritas Storage Migrator (tm) for HP-UX.
  http://support.veritas.com/docs/286298
- Veritas NB_SMU_50_7_M_286299.sgi_dm.tar
  Veritas Storage Migrator (tm) for SGI IRIX.
  http://support.veritas.com/docs/286299
- Veritas NB_SMU_50_7_M_286300.solaris_dm.tar
  Veritas Storage Migrator (tm) for Solaris.
  http://support.veritas.com/docs/286300
- Veritas NB_SYB_50_7_M_286301.alpha_5.tar
  Veritas NetBackup (tm) for Sybase Database Agent on Compaq/HP Tru64 platforms.
  http://support.veritas.com/docs/286301
- Veritas NB_SYB_50_7_M_286302.hp11.00.tar
  Veritas NetBackup (tm) for Sybase Database Agent on HP-UX platforms.
  http://support.veritas.com/docs/286302
- Veritas NB_SYB_50_7_M_286303.rs6000_433.tar
  Veritas NetBackup (tm) for Sybase Database Agent on AIX 4.3.3.10 platforms.
  http://support.veritas.com/docs/286303
- Veritas NB_SYB_50_7_M_286304.rs6000_51.tar
  Veritas NetBackup (tm) for Sybase Database Agent on AIX 5.x platforms.
  http://support.veritas.com/docs/286304
- Veritas NB_SYB_50_7_M_286305.sgi65.tar
  Veritas NetBackup (tm) for Sybase Database Agent on SGI IRIX platforms.
  http://support.veritas.com/docs/286305
- Veritas NB_SYB_50_7_M_286306.solaris7.tar
  Veritas NetBackup (tm) for Sybase Database Agent on Solaris platforms
  http://support.veritas.com/docs/286306
- Veritas NB_U40_50_7_M_286307.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 40-bit Encryption Agent on UNIX clients.
  http://support.veritas.com/docs/286307
- Veritas NB_VLT_50_7_M_286309.alpha_5.tar
  Veritas NetBackup (tm) Vault on TRU64 Platforms.
  http://support.veritas.com/docs/286309
- Veritas NB_VLT_50_7_M_286310.hp_ux.tar
  Veritas NetBackup (tm) Vault on HP-UX Platforms.
  http://support.veritas.com/docs/286310
- Veritas NB_VLT_50_7_M_286311.linux.tar
  Veritas NetBackup (tm) Vault on Linux Platforms.
  http://support.veritas.com/docs/286311
- Veritas NB_VLT_50_7_M_286312.rs6000.tar
  Veritas NetBackup (tm) Vault on AIX Platforms.
  http://support.veritas.com/docs/286312
- Veritas NB_VLT_50_7_M_286313.solaris.tar
  Veritas NetBackup (tm) Vault on Solaris Platforms.
  http://support.veritas.com/docs/286313
Veritas Software NetBackup Server 5.0
- Veritas NB_DMP_50_7_M_286261.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on HP-UX platforms.
  http://support.veritas.com/docs/286261
- Veritas NB_DMP_50_7_M_286262.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on Linux platforms.
  http://support.veritas.com/docs/286262
- Veritas NB_DMP_50_7_M_286263.rs6000.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on AIX platforms.
  http://support.veritas.com/docs/286263
- Veritas NB_DMP_50_7_M_286264.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on Solaris platforms.
  http://support.veritas.com/docs/286264
- Veritas NB_GDM_50_7_M_286265.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on TRU 64 platforms.
  http://support.veritas.com/docs/286265
- Veritas NB_GDM_50_7_M_286266.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on HP-UX platforms.
  http://support.veritas.com/docs/286266
- Veritas NB_GDM_50_7_M_286267.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on Linux platforms.
  http://support.veritas.com/docs/286267
- Veritas NB_GDM_50_7_M_286268.rs6000.ta
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on AIX platforms.
  http://support.veritas.com/docs/286268
- Veritas NB_GDM_50_7_M_286269.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on Solaris platforms.
  http://support.veritas.com/docs/286269
- Veritas NB_GDM_50_7_M_286270.winnt.intel.exe
  Veritas NetBackup (tm) Global Data Manager product for NT and Windows 2000 servers.
  http://support.veritas.com/docs/286270
- Veritas NB_U56_50_7_M_286308.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 56-bit Encryption Agent on UNIX clients.
  http://support.veritas.com/docs/286308
Veritas Software NetBackup Enterprise Server 5.0
- Symantec NB_50_7_M_286245.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on TRU 64 servers.
  http://support.veritas.com/docs/286245
- Symantec NB_50_7_M_286246.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on HP-UX servers,
  http://support.veritas.com/docs/286246
- Symantec NB_50_7_M_286247.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on Linux servers.
  http://support.veritas.com/docs/286247
- Symantec NB_50_7_M_286248.rs6000.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on AIX servers.
  http://support.veritas.com/docs/286248
- Symantec NB_50_7_M_286249.sgi.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on SGI IRIX servers.
  http://support.veritas.com/docs/286249
- Symantec NB_50_7_M_286250.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on Solaris servers.
  http://support.veritas.com/docs/286250
- Symantec NB_50_7_M_286251.winnt.IA64.exe
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on Windows XP/2003 64-bit clients.
  http://support.veritas.com/docs/286251
- Symantec NB_50_7_M_286252.winnt.intel.exe
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on NT/2000/2003/XP Professional server and clients.
  http://support.veritas.com/docs/286252
- Symantec NB_BAC_50_7_M_286254.winnt.intel.exe
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on NT/2000/2003/XP Professional server and client Access Control (NBAC) agent.
  http://support.veritas.com/docs/286254
- Symantec NB_CLT_50_7_M_286255.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 on UNIX clients.
  http://support.veritas.com/docs/286255
- Veritas NB_DMP_50_7_M_286261.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on HP-UX platforms.
  http://support.veritas.com/docs/286261
- Veritas NB_DMP_50_7_M_286262.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on Linux platforms.
  http://support.veritas.com/docs/286262
- Veritas NB_DMP_50_7_M_286263.rs6000.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on AIX platforms.
  http://support.veritas.com/docs/286263
- Veritas NB_DMP_50_7_M_286264.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 NDMP Agent on Solaris platforms.
  http://support.veritas.com/docs/286264
- Veritas NB_GDM_50_7_M_286265.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on TRU 64 platforms.
  http://support.veritas.com/docs/286265
- Veritas NB_GDM_50_7_M_286266.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on HP-UX platforms.
  http://support.veritas.com/docs/286266
- Veritas NB_GDM_50_7_M_286267.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on Linux platforms.
  http://support.veritas.com/docs/286267
- Veritas NB_GDM_50_7_M_286268.rs6000.ta
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on AIX platforms.
  http://support.veritas.com/docs/286268
- Veritas NB_GDM_50_7_M_286269.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 for Global Data Manager product on Solaris platforms.
  http://support.veritas.com/docs/286269
- Veritas NB_GDM_50_7_M_286270.winnt.intel.exe
  Veritas NetBackup (tm) Global Data Manager product for NT and Windows 2000 servers.
  http://support.veritas.com/docs/286270
- Veritas NB_U56_50_7_M_286308.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.0 56-bit Encryption Agent on UNIX clients.
  http://support.veritas.com/docs/286308
Veritas Software NetBackup Client 5.1
- Veritas NB_INX_51_6_M_286367.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Informix Database Agent on TRU 64 platforms.
  http://support.veritas.com/docs/286367
Veritas Software NetBackup Enterprise Server 5.1
- Symantec NB_SYB_51_6_M_286406.rs6000_51.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Sybase Database Agent on AIX 5.x platforms.
  http://support.veritas.com/docs/286406
- Symantec NB_SYB_51_6_M_286407.sgi65.tar
  Veritas NetBackup (tm) Enterprise Server 5.1 for Sybase Database Agent on SGI IRIX platforms.
  http://support.veritas.com/docs/286407
- Symantec NB_SYB_51_6_M_286408.solaris7.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Sybase Database Agent on Solaris platforms.
  http://support.veritas.com/docs/286408
- Symantec NB_VLT_51_6_M_286409.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Vault on TRU 64 platforms.
  http://support.veritas.com/docs/286409
- Symantec NB_VLT_51_6_M_286410.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Vault on HP-UX platforms.
  http://support.veritas.com/docs/286410
- Symantec NB_VLT_51_6_M_286411.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Vault on Linux platforms.
  http://support.veritas.com/docs/286411
- Symantec NB_VLT_51_6_M_286412.rs6000.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Vault on AIX platforms.
  http://support.veritas.com/docs/286412
- Symantec NB_VLT_51_6_M_286413.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Vault on Solaris platforms.
  http://support.veritas.com/docs/286413
- Veritas NB_51_6_M_286338.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 on TRU 64 servers.
  http://support.veritas.com/docs/286338
- Veritas NB_51_6_M_286339.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 on HP-UX servers.
  http://support.veritas.com/docs/286339
- Veritas NB_SYB_51_6_M_286405.rs6000_433.tar
  Veritas NetBackup (tm) Enterprise Server / Server 5.1 for Sybase Database Agent on AIX 4.3.3.10 platforms.
  http://support.veritas.com/docs/286405
Veritas Software NetBackup Enterprise Server 6.0
- Symantec NB_60_4_M.winnt.intel_285941.exe
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on NT/2000/2003/XP Professional server and clients.
  http://support.veritas.com/docs/285941
- Symantec NB_60_4_M_285933.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on TRU 64 servers. NetBackup UNIX Add-on products,
  http://support.veritas.com/docs/285933
- Symantec NB_60_4_M_285934.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on HP-UX servers. NetBackup UNIX Add-on products.
  http://support.veritas.com/docs/285934
- Symantec NB_60_4_M_285935.hpia64.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Itanium 64bit HP-UX servers.
  http://support.veritas.com/docs/285935
- Symantec NB_60_4_M_285936.linux64.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on 64bit Linux servers.
  http://support.veritas.com/docs/285936
- Symantec NB_60_4_M_285937.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Linux servers.
  http://support.veritas.com/docs/285937
- Symantec NB_60_4_M_285938.rs6000.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on AIX servers.
  http://support.veritas.com/docs/285938
- Symantec NB_60_4_M_285939.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Solaris servers.
  http://support.veritas.com/docs/285939
- Symantec NB_60_4_M_285940.winnt.IA64.exe
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Windows XP/2003 64 bit Clients and Servers.
  http://support.veritas.com/docs/285940
- Symantec NB_60_4_M_285942.winnt.x64.exe
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Windows XP/2003 X64 server and clients.
  http://support.veritas.com/docs/285942
- Symantec NB_CLT_60_4_M_285952.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on UNIX clients.
  http://support.veritas.com/docs/285952
Veritas Software NetBackup Server 6.0
- Symantec NB_60_4_M.winnt.intel_285941.exe
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on NT/2000/2003/XP Professional server and clients.
  http://support.veritas.com/docs/285941
- Symantec NB_60_4_M_285933.alpha_5.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on TRU 64 servers. NetBackup UNIX Add-on products,
  http://support.veritas.com/docs/285933
- Symantec NB_60_4_M_285934.hp_ux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on HP-UX servers. NetBackup UNIX Add-on products.
  http://support.veritas.com/docs/285934
- Symantec NB_60_4_M_285935.hpia64.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Itanium 64bit HP-UX servers.
  http://support.veritas.com/docs/285935
- Symantec NB_60_4_M_285936.linux64.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on 64bit Linux servers.
  http://support.veritas.com/docs/285936
- Symantec NB_60_4_M_285937.linux.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Linux servers.
  http://support.veritas.com/docs/285937
- Symantec NB_60_4_M_285938.rs6000.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on AIX servers.
  http://support.veritas.com/docs/285938
- Symantec NB_60_4_M_285939.solaris.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Solaris servers.
  http://support.veritas.com/docs/285939
- Symantec NB_60_4_M_285940.winnt.IA64.exe
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Windows XP/2003 64 bit Clients and Servers.
  http://support.veritas.com/docs/285940
- Symantec NB_60_4_M_285942.winnt.x64.exe
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on Windows XP/2003 X64 server and clients.
  http://support.veritas.com/docs/285942
- Symantec NB_CLT_60_4_M_285952.tar
  Veritas NetBackup (tm) Enterprise Server / Server 6.0 on UNIX clients.
  http://support.veritas.com/docs/285952
References
References:
- Symantec Homepage (Symantec)
- Vulnerability Note VU#252936 - Symantec Veritas NetBackup bpcd daemon fails to p (US-CERT)
- Vulnerability Note VU#607312 - Symantec Veritas NetBackup bpcd daemon buffer ove (US-CERT)
- Vulnerability Note VU#650432 - Symantec Veritas NetBackup bpcd.exe CONNECT_OPTIO (US-CERT)
- ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerabilit (Zeroday Initiative)
- ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerabi (Zeroday Initiative)
- SYM06-024 - Symantec Veritas NetBackup: Vulnerabilities in NetBackup Server and (Symantec)