1. CVE-Search
  2. CVE-2006-6222
ID CVE-2006-6222
Summary Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 21565
bugtraq 20061213 ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability
cert-vn VU#607312
confirm http://www.symantec.com/avcenter/security/Content/2006.12.13a.html
misc http://www.zerodayinitiative.com/advisories/ZDI-06-049.html
sectrack 1017379
secunia 23368
sreason 2033
vupen ADV-2006-4999
xf
  • netbackup-connect-options-bo(30883)
  • netbackup-long-request-bo(30882)
saint via4
bid 21565
description VERITAS NetBackup bpcd daemon command chaining vulnerability
id misc_netbackupbpcd
osvdb 31334
title netbackup_bpcd_command_chaining
type remote
Last major update 17-10-2018 - 21:47
Published 14-12-2006 - 20:28
Last modified 17-10-2018 - 21:47
Back to Top