Executive Summary
Summary | |
---|---|
Title | Sun Alert 253287 Security Vulnerability in the VERITAS (Symantec) NetBackup Network Daemon may Allow Escalation of Privileges |
Informations | |||
---|---|---|---|
Name | SUN-253287 | First vendor Publication | 2009-04-16 |
Vendor | Sun | Last vendor Modification | 2009-04-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Veritas NetBackup 6.0 Veritas NetBackup 6.5 A Security Vulnerability in the VERITAS (Symantec) NetBackup network daemon may allow an unprivileged local user to leverage the Veritas network daemon (vnetd) to gain elevated privileges on the system. This issue is referenced in Symantec Security Advisory SYM09-002 at: State: Resolved First released: 16-Apr-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_253287_security_vulnerability |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52269 | Symantec Veritas NetBackup vnetd Server Initial Communications Setup Remote C... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-26 | IAVM : 2009-T-0014 - Symantec Veritas NetBackup Communication Setup Remote Privilege Escalation Vu... Severity : Category I - VMSKEY : V0018500 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136859-02 File : solaris10_136859.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136860-02 File : solaris10_136860.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136863-01 File : solaris10_136863.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136864-01 File : solaris10_x86_136864.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136859-02 File : solaris8_136859.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136860-02 File : solaris8_136860.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136863-01 File : solaris8_136863.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136859-02 File : solaris9_136859.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136860-02 File : solaris9_136860.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 136863-01 File : solaris9_136863.nasl - Type : ACT_GATHER_INFO |