CVE-2005-2715

Name of the Vulnerable Software and Affected Versions VERITAS NetBackup Data and Business Center versions 4.5FP through 4.5MP VERITAS NetBackup Enterprise/Server/Client versions 5.0 through 6.0

Description The issue is related to a format string vulnerability in the Java user interface service daemon. This vulnerability allows remote attackers to execute arbitrary code via the COMMAND LOGON TO MSERVER command.

Recommendations For VERITAS NetBackup Data and Business Center versions 4.5FP through 4.5MP, consider disabling the bpjava-msvc daemon until a patch is available. For VERITAS NetBackup Enterprise/Server/Client versions 5.0 through 6.0, restrict access to the COMMAND LOGON TO MSERVER command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.