Command Injection Vulnerability in Symantec Veritas NetBackup
CVE-2006-4902

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas Netbackup Server; Veritas Netbackup Enterprise Server; Veritas Netbackup Client
Vendor: CVE Published:; 14 December 2006

Summary

The bpcd daemon in Symantec's Veritas NetBackup is susceptible to a command injection flaw due to inadequate validation of chained commands. This vulnerability enables remote attackers to execute arbitrary commands by appending malicious instructions to legitimate commands. The affected versions include NetBackup 5.0 prior to MP7, 5.1 prior to MP6, and 6.0 prior to MP4. Users are advised to upgrade to the latest patched versions to mitigate this significant risk.

References

http://secunia.com/advisories/23368

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/27638

vdb-entryx_refsource_XF

http://securitytracker.com/id?1017379

vdb-entryx_refsource_SECTRACK

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Sep 20, 2006