Veritas Net Backup Professional Open Transaction Manager Remote Drive Access Vulnerability
BID:9448
Info
Veritas Net Backup Professional Open Transaction Manager Remote Drive Access Vulnerability
| Bugtraq ID: | 9448 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2004 12:00AM |
| Updated: | Jan 19 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Mr. Kay Schluepmann <[email protected]>. |
| Vulnerable: |
Veritas Software Net Backup Professional 3.51.30 Veritas Software Net Backup Professional 3.51.20 Veritas Software Net Backup Professional 3.51.15 Veritas Software Net Backup Professional 3.51.10 Veritas Software Net Backup Professional 3.51 Veritas Software Net Backup Professional 3.5 |
| Not Vulnerable: |
Veritas Software Net Backup Professional 3.6 |
Discussion
Veritas Net Backup Professional Open Transaction Manager Remote Drive Access Vulnerability
It has been reported that Veritas Net Backup Open Transaction Manager (OTM) may allow remote attackers on a network to access files on a client system. It has been reported that Veritas Net Backup Open Transaction Manager (OTM) creates a shared drive on the system during a client backup. This share is reportedly available to anyone on the network and is created with default 'Everyone/Full Control' permissions.
Successful exploitation of this issue may allow a remote attacker to gain access to files on a targeted system drive during a backup operation.
It has been reported that Veritas Net Backup Open Transaction Manager (OTM) may allow remote attackers on a network to access files on a client system. It has been reported that Veritas Net Backup Open Transaction Manager (OTM) creates a shared drive on the system during a client backup. This share is reportedly available to anyone on the network and is created with default 'Everyone/Full Control' permissions.
Successful exploitation of this issue may allow a remote attacker to gain access to files on a targeted system drive during a backup operation.
Exploit / POC
Veritas Net Backup Professional Open Transaction Manager Remote Drive Access Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Veritas Net Backup Professional Open Transaction Manager Remote Drive Access Vulnerability
Solution:
The vendor has released version 3.6 of the software to address this issue. Users are advised to contact the vendor for more information. See web references for more details.
Solution:
The vendor has released version 3.6 of the software to address this issue. Users are advised to contact the vendor for more information. See web references for more details.
References
Veritas Net Backup Professional Open Transaction Manager Remote Drive Access Vulnerability
References:
References:
- NetBackup Professional (Veritas Software)