TITLE:
VERITAS NetBackup "bpjava-msvc" Format String Vulnerability

SECUNIA ADVISORY ID:
SA17181

VERIFY ADVISORY:
http://secunia.com/advisories/17181/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

SOFTWARE:
VERITAS NetBackup Server 6.x
http://secunia.com/product/5851/
VERITAS NetBackup Server 5.x
http://secunia.com/product/4122/
VERITAS NetBackup BusinesServer 4.x
http://secunia.com/product/4120/
VERITAS NetBackup DataCenter 4.x
http://secunia.com/product/2112/
VERITAS NetBackup Enterprise Server 5.x
http://secunia.com/product/4121/
VERITAS NetBackup Enterprise Server 6.x
http://secunia.com/product/5850/

DESCRIPTION:
A vulnerability has been reported in VERITAS NetBackup, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by a format string error in the Java
user-interface authentication service (bpjava-msvc) daemon when
handling the "COMMAND_LOGON_TO_MSERVER" command. The "bpjava-msvc"
daemon runs on both the server and agent.

Successful exploitation allows arbitrary code execution with root or
SYSTEM privileges but requires access to port 13722/tcp.

The vulnerability has been reported in the following versions:
* VERITAS NetBackup Data and Business Center version 4.5FP
* VERITAS NetBackup Data and Business Center version 4.5MP
* VERITAS NetBackup Enterprise/Server/Client version 5.0
* VERITAS NetBackup Enterprise/Server/Client version 5.1
* VERITAS NetBackup Enterprise/Server/Client version 6.0

SOLUTION:
Apply patches.
http://seer.support.veritas.com/docs/279085.htm

VERITAS NetBackup Data and Business Center version 4.5FP:
Apply NB_45_9S1443_F.

VERITAS NetBackup Data and Business Center version 4.5MP:
Apply NB_45_9S1729_M.

VERITAS NetBackup Enterprise/Server/Client version 5.0:
Apply NB_50_5S1320_M.

VERITAS NetBackup Enterprise/Server/Client version 5.1:
Apply NB_51_3AS0949_M.

VERITAS NetBackup Enterprise/Server/Client version 6.0:
Apply NB_60_3S0007_M.

PROVIDED AND/OR DISCOVERED BY:
Discovered by Kevin Finisterre and reported via TippingPoint.

ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.12.html

TippingPoint:
http://www.zerodayinitiative.com/advisories/ZDI-05-001.html
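
The advisory states that exploitation requires access to port 13722/tcp. The following Python code is an added example, not part of the Secunia advisory or any vendor material: it reviews connection records for TCP flows to that port from sources outside the networks where NetBackup Java consoles are expected. The log format, addresses, allowlist and function name are constructed assumptions.

```python
import ipaddress

BPJAVA_MSVC_PORT = 13722  # port named in the advisory

# Constructed sample flow records: "time src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2005-10-13T09:00:01 10.20.0.5 51512 10.20.0.10 13722 tcp
2005-10-13T09:00:07 192.0.2.44 40211 10.20.0.10 13722 tcp
2005-10-13T09:01:15 10.20.0.6 51800 10.20.0.10 13724 tcp
2005-10-13T09:02:30 198.51.100.9 33100 10.20.0.11 13722 tcp
2005-10-13T09:02:31 10.20.0.7 51900 10.20.0.11 13722 udp
garbled line without enough fields
""".splitlines()

# Assumption: networks from which NetBackup Java consoles are expected to connect
ALLOWED_SOURCES = ["10.20.0.0/24"]


def unexpected_bpjava_clients(lines, allowed_sources, port=BPJAVA_MSVC_PORT):
    """Return (time, src, dst) for TCP flows to `port` from outside allowed_sources."""
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        when, src, _sport, dst, dport, proto = fields
        if proto.lower() != "tcp" or not dport.isdigit() or int(dport) != port:
            continue  # only TCP flows to the bpjava-msvc port are of interest
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # skip records with an unparsable source address
        if not any(src_ip in net for net in allowed):
            hits.append((when, src, dst))
    return hits


if __name__ == "__main__":
    for when, src, dst in unexpected_bpjava_clients(SAMPLE_FLOWS, ALLOWED_SOURCES):
        print(f"{when} unexpected source {src} -> {dst}:{BPJAVA_MSVC_PORT}/tcp")
```

Hosts flagged this way are candidates for firewall restriction on 13722/tcp in addition to the vendor patches listed under SOLUTION.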