Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 253287 Security Vulnerability in the VERITAS (Symantec) NetBackup Network Daemon may Allow Escalation of Privileges |
| Informations | |||
|---|---|---|---|
| Name | SUN-253287 | First vendor Publication | 2009-04-16 |
| Vendor | Sun | Last vendor Modification | 2009-04-16 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Veritas NetBackup 6.0 Veritas NetBackup 6.5 A Security Vulnerability in the VERITAS (Symantec) NetBackup network daemon may allow an unprivileged local user to leverage the Veritas network daemon (vnetd) to gain elevated privileges on the system. This issue is referenced in Symantec Security Advisory SYM09-002 at: State: Resolved First released: 16-Apr-2009 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_253287_security_vulnerability |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 52269 | Symantec Veritas NetBackup vnetd Server Initial Communications Setup Remote C... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-02-26 | IAVM : 2009-T-0014 - Symantec Veritas NetBackup Communication Setup Remote Privilege Escalation Vu... Severity : Category I - VMSKEY : V0018500 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136859-02 File : solaris10_136859.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136860-02 File : solaris10_136860.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136863-01 File : solaris10_136863.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136864-01 File : solaris10_x86_136864.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136859-02 File : solaris8_136859.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136860-02 File : solaris8_136860.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136863-01 File : solaris8_136863.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136859-02 File : solaris9_136859.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136860-02 File : solaris9_136860.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 136863-01 File : solaris9_136863.nasl - Type : ACT_GATHER_INFO |
