CVE-2004-1389
published 2004-12-31CVE-2004-1389: Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and…
PriorityP339medium6CVSS 2.0
AVLACHAuSCCICAC
EXPLOIT
EPSS
9.86%
95.0th percentile
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veritas | netbackup | — | — |
| veritas | netbackup | — | — |
| veritas | netbackup | — | — |
| veritas | netbackup | — | — |
| veritas | netbackup | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Veritas NetBackup - Remote Command Execution (Metasploit)
exploitdb·2004-10-21
CVE-2004-1389 Veritas NetBackup - Remote Command Execution (Metasploit)
Veritas NetBackup - Remote Command Execution (Metasploit)
---
##
# $Id: veritas_netbackup_cmdexec.rb 10617 2010-10-09 06:55:52Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'VERITAS NetBackup Remote Command Execution',
'Description' => %q{
This module allows arbitrary command execution on an
ephemeral port opened by Veritas NetBackup, whilst an
administrator is authenticated. The port is opened and
allows direct console access as root or SYSTEM from
any source address.
},
'Author' => [ 'patrick' ],
'License' => MSF_LICENSE,
'Versi
Metasploit
VERITAS NetBackup Remote Command Execution
metasploit
VERITAS NetBackup Remote Command Execution
VERITAS NetBackup Remote Command Execution
This module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.
No writeups or analysis indexed.
http://secunia.com/advisories/12901/http://seer.support.veritas.com/docs/271727.htmhttp://www.ciac.org/ciac/bulletins/p-020.shtmlhttp://www.kb.cert.org/vuls/id/685456http://www.securityfocus.com/bid/11494https://exchange.xforce.ibmcloud.com/vulnerabilities/17811http://secunia.com/advisories/12901/http://seer.support.veritas.com/docs/271727.htmhttp://www.ciac.org/ciac/bulletins/p-020.shtmlhttp://www.kb.cert.org/vuls/id/685456http://www.securityfocus.com/bid/11494https://exchange.xforce.ibmcloud.com/vulnerabilities/17811
2004-12-31
Published