Vulnerability Note VU#685456

Veritas NetBackup "bpjava-susvc" process contains an input validation error

Original Release date: 18 Jan 2005 | Last revised: 20 Apr 2005


Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges.


The Veritas NetBackup Administrative Assistant interface (bpjava-susvc) contains an input validation vulnerability. According to Veritas Alert 271727:

    When the NetBackup Administrative Java GUI connects to a NetBackup server (either a master or media server) a process is started on the server called bpjava-susvc. A normal user with access to this server could send specially crafted commands to this process and have those commands executed with root authority.

    It is also possible to exploit this issue if the Backup & Restore GUI is started as root.

The following NetBackup applications and versions are reported to be vulnerable:
  • NetBackup BusinesServer 3.4, 3.4.1, and 4.5
  • NetBackup DataCenter 3.4, 3.4.1, and 4.5
  • NetBackup Enterprise Server 5.1
  • NetBackup Server 5.0 and 5.1


If an attacker supplies a vulnerable NetBackup server with specially crafted commands, those commands may be executed with elevated (possibly root) privileges.


Apply Patch

According to Veritas Alert 271727, the following patches will correct this problem:

    • 4.5 Maintenance Pack 8 (MP8)
    • 4.5 Feature Pack 8 (FP8)
    • 5.0 Maintenance Pack 4 (MP4)
    • 5.1 Maintenance Pack 2 (MP2)

This issue will be fixed in Veritas NetBackup version 6.


Enabling no call-back will correct this issue. To enable no call-back, set NBJAVA_CONNECT_OPTION to 1 in the NetBackup configuration file (nbj.conf on UNIX and .vrtsnbuj on Windows).

Veritas released the following examples to demonstrate how to set NBJAVA_CONNECT_OPTION to 1 on Windows and UNIX platforms:

    Partial sample of a Windows <NB Installed location>\java\<host_name>.vrtsnbuf file:

    # Backslashes in the install path must be escaped.
    # An example: "C:\\Program Files\\VERITAS\\java"
    SET INSTALL_PATH=C:\\Program Files\\VERITAS\\\\Java

    Partial sample of a UNIX /usr/openv/java/nbj.conf file:

    # $Revision: 1.3 $
    #* $VRTScprght: Copyright 1993 - 2003 VERITAS Software Corporation, All Rights Reserved $ *
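
As an added example (not from Veritas or CERT/CC), this POSIX shell check reports whether the no call-back workaround described above is in effect in a given configuration file. It assumes settings are `NAME=value` lines, optionally prefixed with `SET` as in the Windows sample, that `#` starts a comment, and that the last assignment wins; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a NetBackup Java configuration file for the workaround.
# Assumptions: "NAME=value" lines, optional "SET " prefix (Windows sample),
# "#" starts a comment, and the last active assignment wins.

# Print the effective NBJAVA_CONNECT_OPTION value in file $1, or "unset".
nbjava_connect_option() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)                  # tolerate CRLF files
            sub(/^[ \t]*([Ss][Ee][Tt][ \t]+)?/, "", line)
            if (line ~ /^NBJAVA_CONNECT_OPTION[ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", line)    # keep only the value
                sub(/[ \t]+$/, "", line)
                val = line
                found = 1
            }
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# Return 0 when no call-back is enabled in file $1, 1 otherwise.
check_no_callback() {
    if [ ! -r "$1" ]; then
        echo "UNREADABLE: $1"
        return 1
    fi
    value=$(nbjava_connect_option "$1")
    if [ "$value" = "1" ]; then
        echo "OK: $1 has NBJAVA_CONNECT_OPTION=1 (no call-back enabled)"
        return 0
    fi
    echo "NOT SET: $1 has NBJAVA_CONNECT_OPTION=$value"
    return 1
}

# Usage: sh check_nbj.sh /usr/openv/java/nbj.conf
if [ "$#" -gt 0 ]; then
    for f in "$@"; do check_no_callback "$f"; done
fi
```

A commented-out `#NBJAVA_CONNECT_OPTION=1` line is reported as unset, which is the case most likely to be missed in a manual review.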


Systems Affected

Vendor            Status    Date Notified  Date Updated
NEC Corporation   Affected  -              20 Apr 2005
Veritas SOFTWARE  Unknown   -              17 Jan 2005

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported in Veritas Alert 271727.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 20 Oct 2004
  • Date First Published: 18 Jan 2005
  • Date Last Updated: 20 Apr 2005
  • Severity Metric: 3.65
  • Document Revision: 54

