US-CERT Vulnerability Notes Database
Vulnerability Note VU#685456

Veritas NetBackup "bpjava-susvc" process contains an input validation error

Overview

Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges.

I. Description

The Veritas NetBackup Administrative Assistant interface (bpjava-susvc) contains an input validation vulnerability. According to Veritas Alert 271727:

    When the NetBackup Administrative Java GUI connects to a NetBackup server (either a master or media server) a process is started on the server called bpjava-susvc. A normal user with access to this server could send specially crafted commands to this process and have those commands executed with root authority.

    It is also possible to exploit this issue if the Backup & Restore GUI is started as root.

The following NetBackup applications and versions are reported to be vulnerable:
  • NetBackup BusinesServer 3.4, 3.4.1, and 4.5
  • NetBackup DataCenter 3.4, 3.4.1, and 4.5
  • NetBackup Enterprise Server 5.1
  • NetBackup Server 5.0 and 5.1

II. Impact

If an attacker supplies a vulnerable NetBackup server with specially crafted commands, those commands may be executed with elevated (possibly root) privileges.

III. Solution

Apply Patch

According to Veritas Alert 271727, the following patches will correct this problem:

    • 4.5 Maintenance Pack 8 (MP8)
    • 4.5 Feature Pack 8 (FP8)
    • 5.0 Maintenance Pack 4 (MP4)
    • 5.1 Maintenance Pack 2 (MP2)

Upgrade

This issue will be fixed in Veritas NetBackup version 6.

Workaround

Enabling no call-back will correct this issue. To enable no call-back, set NBJAVA_CONNECT_OPTION to 1 in the NetBackup Java configuration file (nbj.conf on UNIX and <host_name>.vrtsnbuj on Windows).

Veritas released the following examples to demonstrate how to set NBJAVA_CONNECT_OPTION to 1 on Windows and UNIX platforms:

    Partial sample of a Windows <NB Installed location>\java\<host_name>.vrtsnbuj file:

    # Backslashes in the install path must be escaped.
    # An example: "C:\\Program Files\\VERITAS\\java"
    SET INSTALL_PATH=C:\\Program Files\\VERITAS\\Java
    SET SERVER_HOST=master.min.veritas.com
    SET NBJAVA_CONNECT_OPTION=1

    Partial sample of a UNIX /usr/openv/java/nbj.conf file:

    # $Revision: 1.3 $
    #bcpyrght
    #***************************************************************************
    #* $VRTScprght: Copyright 1993 - 2003 VERITAS Software Corporation, All Rights Reserved $ *
    #***************************************************************************
    #ecpyrght

    BPJAVA_PORT=13722
    VNETD_PORT=13724
    NBJAVA_CONNECT_OPTION=1
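A small checker for the workaround above, added here as an example and not part of the advisory or of Veritas' software: it parses the KEY=VALUE layout of the nbj.conf and .vrtsnbuj samples (including the Windows "SET" prefix) and reports whether NBJAVA_CONNECT_OPTION=1 is actually in effect. The sample file contents and the hostname master.example.com are constructed.

```python
import re

# Constructed samples in the style of the advisory's nbj.conf and .vrtsnbuj excerpts.
SAMPLE_UNIX_NBJ_CONF = """\
# $Revision: 1.3 $
BPJAVA_PORT=13722
VNETD_PORT=13724
NBJAVA_CONNECT_OPTION=1
"""

SAMPLE_WINDOWS_VRTSNBUJ = r"""
# Backslashes in the install path must be escaped.
SET INSTALL_PATH=C:\\Program Files\\VERITAS\\Java
SET SERVER_HOST=master.example.com
"""

# Matches the UNIX "KEY=VALUE" form and the Windows "SET KEY=VALUE" form.
_ASSIGN_RE = re.compile(r"^(?:SET\s+)?([A-Za-z_]\w*)\s*=\s*(.*?)\s*$", re.IGNORECASE)


def parse_nbj_conf(text: str) -> dict:
    """Return KEY -> VALUE for nbj.conf-style text: blank and '#' lines are
    skipped, keys are upper-cased, a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _ASSIGN_RE.match(line)
        if match:
            settings[match.group(1).upper()] = match.group(2)
    return settings


def no_callback_enabled(text: str) -> bool:
    """True only when NBJAVA_CONNECT_OPTION is explicitly 1; an absent or
    commented-out key means the workaround has not been applied."""
    return parse_nbj_conf(text).get("NBJAVA_CONNECT_OPTION") == "1"


def audit_report(text: str, label: str) -> str:
    """One-line finding per configuration file, e.g. for a hardening checklist."""
    if no_callback_enabled(text):
        return f"{label}: no call-back ENABLED (workaround applied)"
    return f"{label}: no call-back NOT enabled; set NBJAVA_CONNECT_OPTION=1 or apply the vendor patch"


if __name__ == "__main__":
    print(audit_report(SAMPLE_UNIX_NBJ_CONF, "/usr/openv/java/nbj.conf (sample)"))
    print(audit_report(SAMPLE_WINDOWS_VRTSNBUJ, "<host_name>.vrtsnbuj (sample)"))
```

To audit a real host, read the file at the path given in the advisory and pass its contents to audit_report; a missing file is itself a finding, since the GUI then runs with defaults.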

Systems Affected

Vendor              Status       Date Notified   Date Updated
NEC Corporation     Vulnerable                   20-Apr-2005
Veritas SOFTWARE    Unknown                      17-Jan-2005

References

http://seer.support.veritas.com/docs/271727.htm
http://secunia.com/advisories/12901/
http://www.security-focus.com/bid/11494/

Credit

This vulnerability was reported in Veritas Alert 271727.

This document was written by Jeff Gennari.

Other Information

Date Public: 2004-10-20
Date First Published: 2005-01-18
Date Last Updated: 2005-04-20
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric: 3.65
Document Revision: 54

Copyright 2005 Carnegie Mellon University