VERITAS NetBackup Vulnerability - remote
Veritas has announced a vulnerability, Document ID: 279085, describing a remotely exploitable "format string overflow vulnerability in the Java authentication service, bpjava-msvc, running on NetBackup servers and clients" that is "known to affect the application server for the NetBackup Java GUI."
"The vulnerable daemon listens on port 13722 on both NetBackup servers and clients."
Affected products:
NetBackup 4.5, all versions, all platforms.
NetBackup 5.0, all versions, all platforms.
NetBackup 5.1, all versions, all platforms.
NetBackup 6.0, all versions, all platforms.
Their suggested workaround;
Block external network access on TCP port 13722
Symantec's version of the vulnerability announcement - VERITAS NetBackup: Java User-Interface, format string vulnerability
"The vulnerable daemon listens on port 13722 on both NetBackup servers and clients."
Affected products:
NetBackup 4.5, all versions, all platforms.
NetBackup 5.0, all versions, all platforms.
NetBackup 5.1, all versions, all platforms.
NetBackup 6.0, all versions, all platforms.
Their suggested workaround;
Block external network access on TCP port 13722
Symantec's version of the vulnerability announcement - VERITAS NetBackup: Java User-Interface, format string vulnerability
Keywords:
0 comment(s)
×
Diary Archives
Comments