CERT/CC Vulnerability Note VU#685456

Overview

Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges.

Description

The Veritas NetBackup Administrative Assistant interface (bpjava-susvc) contains an input validation vulnerability. According to Veritas Alert 271727 :

When the NetBackup Administrative Java GUI connects to a NetBackup server (either a master or media server) a process is started on the server called bpjava-susvc. A normal user with access to this server could send specially crafted commands to this process and have those commands executed with root authority.

It is also possible to exploit this issue if the Backup & Restore GUI is started as root.

The following NetBackup applications and versions are reported to be vulnerable:

NetBackup BusinesServer 3.4, 3.4.1, and 4.5
NetBackup DataCenter 3.4, 3.4.1, and 4.5
NetBackup Enterprise Server 5.1
NetBackup Server 5.0 and 5.1

Impact

If an attacker supplies a vulnerable NetBackup server with specially crafted commands, those commands may be executed with elevated (possibly root) privileges.

Solution

Apply Patch
According to Veritas Alert 271727 the following patches will correct this problem:

4.5 Maintenance Pack 8 (MP8)
4.5 Feature Pack 8 (FP8)
5.0 Maintenance Pack 4 (MP4)
5.1 Maintenance Pack 2 (MP2)

Upgrade

This issue will be fixed in Veritas NetBackup version 6.

Workaround

Enabling no call-back will correct this issue. To enable no call-back set the NBJAVA_CONNECT_OPTION to 1 in the NetBackup configuration file (nbj.conf on UNIX and .vrtsnbuj on Windows).

Veritas released the following examples to demonstrate how to set NBJAVA_CONNECT_OPTION to 1 on Windows and UNIX platforms:

Partial sample of a Windows <NB Installed location>\java\<host_name>.vrtsnbuf file:

Partial sample of a UNIX /usr/openv/java/nbj.conf file:

Vendor Information

685456

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

NEC Corporation Affected

Updated: April 20, 2005

Status

Affected

Vendor Statement

* VERITAS NetBackup

- is Vulnerable.
- For more detail.
http://www.sw.nec.co.jp/psirt/bnin2005.html#4 (only in Japanese).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.sw.nec.co.jp/psirt/bnin2005.html#4 (only in Japanese).

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Veritas SOFTWARE Unknown

Updated: January 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported in Veritas Alert 271727.

This document was written by Jeff Gennari.

Other Information

CVE IDs:	None
Severity Metric:	3.65
Date Public:	2004-10-20
Date First Published:	2005-01-18
Date Last Updated:	2005-04-20 14:48 UTC
Document Revision:	55

Software Engineering Institute

CERT Coordination Center

Veritas NetBackup "bpjava-susvc" process contains an input validation error

Vulnerability Note VU#685456

Overview

Description

Impact

Solution

Vendor Information

NEC Corporation Affected

Status

Vendor Statement

Vendor Information

Addendum

Veritas SOFTWARE Unknown

Status

Vendor Statement

Vendor Information

Addendum

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC