The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Veritas NetBackup: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can exploit several vulnerabilities in Veritas NetBackup.
Impacted systems: NetBackup.
Severity of this alert: 3/4.
Consequences of an intrusion: privileged access/rights, denial of service on service.
Attacker's origin: intranet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 01/03/2017.
References of this alert: CVE-2017-6399, CVE-2017-6400, CVE-2017-6401, CVE-2017-6402, CVE-2017-6403, CVE-2017-6404, CVE-2017-6405, CVE-2017-6406, CVE-2017-6407, CVE-2017-6408, CVE-2017-6409, VIGILANCE-VUL-21983, VTS17-003.
Description of the vulnerability
Several vulnerabilities were announced in Veritas NetBackup.
A local attacker can start an arbitrary command with administrator privileges. [severity:3/4; CVE-2017-6407]
A local attacker can start an arbitrary command with administrator privileges. [severity:3/4; CVE-2017-6400]
An authenticated attacker can trigger a denial of service against the server. [severity:2/4; CVE-2017-6402]
A local attacker can run an arbitrary command on the client hosts with administrator privileges. [severity:3/4; CVE-2017-6399]
An attacker can submit commands with paths including "../", in order to run an arbitrary command with high privileges. [severity:3/4; CVE-2017-6406]
A local attacker can use bpcd and bpnbat to run an arbitrary command with administrator privileges. [severity:3/4; CVE-2017-6401]
An attacker who controls the DNS server can tamper with hostnames, in order to escalate his privileges. [severity:2/4; CVE-2017-6405]
A local attacker can access the pbx_exchange socket unexpectedly early, in order to escalate his privileges. [severity:2/4; CVE-2017-6408]
An attacker can tamper with log files, because their access rights are incorrect. [severity:2/4; CVE-2017-6404]
An attacker can use a hard-coded, well-known username and password to spoof the NetBackup Cloud Storage Service. [severity:2/4; CVE-2017-6403]
An attacker can exploit the lack of authentication on access to a CORBA interface, in order to escalate his privileges. [severity:2/4; CVE-2017-6409]