1. CVE-Search
  2. CVE-2006-5822
ID CVE-2006-5822
Summary Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 21:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 21565
bugtraq 20061213 ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability
cert-vn VU#650432
confirm http://www.symantec.com/avcenter/security/Content/2006.12.13a.html
misc http://www.zerodayinitiative.com/advisories/ZDI-06-050.html
sectrack 1017379
secunia 23368
vupen ADV-2006-4999
xf netbackup-connect-options-bo(30883)
saint via4
bid 21565
description VERITAS NetBackup bpcd daemon command chaining vulnerability
id misc_netbackupbpcd
osvdb 31334
title netbackup_bpcd_command_chaining
type remote
Last major update 17-10-2018 - 21:45
Published 14-12-2006 - 20:28
Last modified 17-10-2018 - 21:45
Back to Top