Vulnerability Name:

CVE-2004-1389 (CCN-17811)

Assigned: 2004-10-21
Published: 2004-10-21
Updated: 2017-07-11
Summary: Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.0 Medium (CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2004-1389

Source: CCN
Type: SA12901
VERITAS NetBackup "bpjava-susvc" Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
12901

Source: CCN
Type: Veritas Document ID: 271727
VERITAS NetBackup (tm) Java GUI is susceptible to an exploit

Source: CONFIRM
Type: Patch, Vendor Advisory
http://seer.support.veritas.com/docs/271727.htm

Source: CCN
Type: CIAC Information Bulletin P-020
VERITAS NetBackup (tm) Java GUI Vulnerability

Source: CIAC
Type: Patch, Vendor Advisory
P-020

Source: CCN
Type: US-CERT VU#685456
Veritas NetBackup bpjava-susvc process contains an input validation error

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#685456

Source: CCN
Type: OSVDB ID: 11026
VERITAS NetBackup bpjava-susvc Arbitrary Privileged Command Execution

Source: BID
Type: UNKNOWN
11494

Source: CCN
Type: BID-11494
Veritas NetBackup Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
nebackup-bpjavasusvc-gain-privileges(17811)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:veritas:netbackup:3.4.0:*:businessserver:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:3.4.0:*:datacenter:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:3.4.1:*:businessserver:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:3.4.1:*:datacenter:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:4.5.0:*:businessserver:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:4.5.0:*:datacenter:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:5.0:*:server:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:5.1:*:enterprise_server:*:*:*:*:*
  • OR cpe:/a:veritas:netbackup:5.1:*:server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable