MidnightBSD

Advisories for symantec_veritas

CVE-2000-0494 HIGH

Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas volume_manager 3.0.2
symantec_veritas volume_manager 3.0.3
symantec_veritas volume_manager 3.0.4
CVE-2001-0107 MEDIUM

Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup 4.5
CVE-2001-0287 LOW

VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas cluster_server 1.3.0
CVE-2002-1117 MEDIUM

Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec *
CVE-2002-1374 HIGH

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle mysql 3.23.29
symantec_veritas netbackup_global_data_manager 4.5_fp1
oracle mysql 3.23.38
oracle mysql 3.23.51
oracle mysql 3.23.41
oracle mysql 3.23.46
oracle mysql 3.23.49
oracle mysql 4.0.2
oracle mysql 3.23.44
oracle mysql 3.22.28
oracle mysql 3.23.8
oracle mysql 3.23.43
oracle mysql 3.23.28
oracle mysql 4.0.1
symantec_veritas netbackup_global_data_manager 4.5_mp2
oracle mysql 3.23.9
oracle mysql 3.23.10
symantec_veritas netbackup_global_data_manager 4.5_fp2
oracle mysql 4.0.3
oracle mysql 3.22.32
oracle mysql 3.23.47
oracle mysql 3.23.37
oracle mysql 3.23.40
oracle mysql 3.23.25
symantec_veritas netbackup_advanced_reporter 4.5_mp2
oracle mysql 3.23.5
oracle mysql 3.23.4
symantec_veritas netbackup_global_data_manager 4.5_mp1
oracle mysql 3.23.50
oracle mysql 3.23.45
symantec_veritas netbackup_advanced_reporter 4.5_fp1
symantec_veritas netbackup_global_data_manager 4.5_fp3
oracle mysql 3.23.27
oracle mysql 3.23.42
oracle mysql 3.23.52
symantec_veritas netbackup_advanced_reporter 3.4
oracle mysql 3.23.23
oracle mysql 3.23.39
symantec_veritas netbackup_advanced_reporter 4.5
oracle mysql 4.0.5a
symantec_veritas netbackup_advanced_reporter 4.5_fp3
symantec_veritas netbackup_advanced_reporter 4.5_mp1
oracle mysql 3.22.26
oracle mysql 3.23.31
oracle mysql 3.23.53a
oracle mysql 3.23.3
oracle mysql 3.23.26
oracle mysql 3.23.30
oracle mysql 3.23.2
symantec_veritas netbackup_global_data_manager 4.5_mp3
oracle mysql 3.23.36
oracle mysql 3.23.53
symantec_veritas netbackup_advanced_reporter 4.5_fp2
oracle mysql 3.23.24
symantec_veritas netbackup_global_data_manager 4.5
symantec_veritas netbackup_advanced_reporter 4.5_mp3
oracle mysql 3.22.29
oracle mysql 3.22.27
oracle mysql 3.23.48
oracle mysql 3.22.30
oracle mysql 3.23.34
oracle mysql 4.0.0
CVE-2002-1375 HIGH

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle mysql 3.23.29
symantec_veritas netbackup_global_data_manager 4.5_fp1
oracle mysql 3.23.38
oracle mysql 3.23.51
oracle mysql 3.23.41
oracle mysql 3.23.46
oracle mysql 3.23.49
oracle mysql 4.0.2
oracle mysql 3.23.44
oracle mysql 3.22.28
oracle mysql 3.23.8
oracle mysql 3.23.43
oracle mysql 3.23.28
oracle mysql 4.0.1
symantec_veritas netbackup_global_data_manager 4.5_mp2
oracle mysql 3.23.9
oracle mysql 3.23.10
symantec_veritas netbackup_global_data_manager 4.5_fp2
oracle mysql 4.0.3
oracle mysql 3.22.32
oracle mysql 3.23.47
oracle mysql 3.23.37
oracle mysql 3.23.40
oracle mysql 3.23.25
symantec_veritas netbackup_advanced_reporter 4.5_mp2
oracle mysql 3.23.5
oracle mysql 3.23.4
symantec_veritas netbackup_global_data_manager 4.5_mp1
oracle mysql 3.23.50
oracle mysql 3.23.45
symantec_veritas netbackup_advanced_reporter 4.5_fp1
symantec_veritas netbackup_global_data_manager 4.5_fp3
oracle mysql 3.23.27
oracle mysql 3.23.42
oracle mysql 3.23.52
symantec_veritas netbackup_advanced_reporter 3.4
oracle mysql 3.23.23
oracle mysql 3.23.39
symantec_veritas netbackup_advanced_reporter 4.5
oracle mysql 4.0.5a
symantec_veritas netbackup_advanced_reporter 4.5_fp3
symantec_veritas netbackup_advanced_reporter 4.5_mp1
oracle mysql 3.22.26
oracle mysql 3.23.31
oracle mysql 3.23.53a
oracle mysql 3.23.3
oracle mysql 3.23.26
oracle mysql 3.23.30
oracle mysql 3.23.2
symantec_veritas netbackup_global_data_manager 4.5_mp3
oracle mysql 3.23.36
oracle mysql 3.23.53
symantec_veritas netbackup_advanced_reporter 4.5_fp2
oracle mysql 3.23.24
symantec_veritas netbackup_global_data_manager 4.5
symantec_veritas netbackup_advanced_reporter 4.5_mp3
oracle mysql 3.22.29
oracle mysql 3.22.27
oracle mysql 3.23.48
oracle mysql 3.22.30
oracle mysql 3.23.34
oracle mysql 4.0.0
CVE-2002-1376 HIGH

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle mysql 3.23.29
symantec_veritas netbackup_global_data_manager 4.5_fp1
oracle mysql 3.23.38
oracle mysql 3.23.51
oracle mysql 3.23.41
oracle mysql 3.23.46
oracle mysql 3.23.49
oracle mysql 4.0.2
oracle mysql 3.23.44
oracle mysql 3.22.28
oracle mysql 3.23.8
oracle mysql 3.23.43
oracle mysql 3.23.28
oracle mysql 4.0.1
symantec_veritas netbackup_global_data_manager 4.5_mp2
oracle mysql 3.23.9
oracle mysql 3.23.10
symantec_veritas netbackup_global_data_manager 4.5_fp2
oracle mysql 4.0.3
oracle mysql 3.22.32
oracle mysql 3.23.47
oracle mysql 3.23.37
oracle mysql 3.23.40
oracle mysql 3.23.25
symantec_veritas netbackup_advanced_reporter 4.5_mp2
oracle mysql 3.23.5
oracle mysql 3.23.4
symantec_veritas netbackup_global_data_manager 4.5_mp1
oracle mysql 3.23.50
oracle mysql 3.23.45
symantec_veritas netbackup_advanced_reporter 4.5_fp1
symantec_veritas netbackup_global_data_manager 4.5_fp3
oracle mysql 3.23.27
oracle mysql 3.23.42
oracle mysql 3.23.52
symantec_veritas netbackup_advanced_reporter 3.4
oracle mysql 3.23.23
oracle mysql 3.23.39
symantec_veritas netbackup_advanced_reporter 4.5
oracle mysql 4.0.5a
symantec_veritas netbackup_advanced_reporter 4.5_fp3
symantec_veritas netbackup_advanced_reporter 4.5_mp1
oracle mysql 3.22.26
oracle mysql 3.23.31
oracle mysql 3.23.53a
oracle mysql 3.23.3
oracle mysql 3.23.26
oracle mysql 3.23.30
oracle mysql 3.23.2
symantec_veritas netbackup_global_data_manager 4.5_mp3
oracle mysql 3.23.36
oracle mysql 3.23.53
symantec_veritas netbackup_advanced_reporter 4.5_fp2
oracle mysql 3.23.24
symantec_veritas netbackup_global_data_manager 4.5
symantec_veritas netbackup_advanced_reporter 4.5_mp3
oracle mysql 3.22.29
oracle mysql 3.22.27
oracle mysql 3.23.48
oracle mysql 3.22.30
oracle mysql 3.23.34
oracle mysql 4.0.0
CVE-2002-1817 HIGH

Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas cluster_server 1.3_solaris
symantec_veritas cluster_server 1.2_nt
symantec_veritas cluster_server 1.3_hp-ux
symantec_veritas cluster_server 1.3
CVE-2004-1172 HIGH

Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec 8.0
symantec_veritas backup_exec 9.1
symantec_veritas backup_exec 8.5
symantec_veritas backup_exec 9.0
symantec_veritas backup_exec 8.6
CVE-2004-2205 HIGH

Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas cluster_server 1.3_solaris
symantec_veritas cluster_server 3.5_hp-ux_update_1
symantec_veritas cluster_server 1.2_nt
symantec_veritas cluster_server 3.5_mp1j
symantec_veritas cluster_server 3.5_p1
symantec_veritas cluster_server 1.0.2_solaris
symantec_veritas cluster_server 3.5_solaris_mp2
symantec_veritas cluster_server 1.3_hp-ux
symantec_veritas cluster_server 3.5_hp-ux_update_2
symantec_veritas cluster_server 1.3_p4
symantec_veritas cluster_server 1.3_nt
symantec_veritas cluster_server 2.0_solaris_ga
symantec_veritas cluster_server 4.0_solaris
symantec_veritas cluster_server 1.3_p1
symantec_veritas cluster_server 2.0_p1
symantec_veritas cluster_server 1.3
symantec_veritas cluster_server 3.5_solaris_beta
symantec_veritas cluster_server 1.3.1_p3
symantec_veritas cluster_server 3.5.1_aix
symantec_veritas cluster_server 4.0_solaris_beta
symantec_veritas cluster_server 2.1
symantec_veritas cluster_server 1.1.2_solaris
symantec_veritas cluster_server 4.0_linux
symantec_veritas cluster_server 2.1_linux_p1
symantec_veritas cluster_server 2.0_solaris_beta
symantec_veritas cluster_server 2.1_linux
symantec_veritas cluster_server 3.5_mp2
symantec_veritas cluster_server 2.0_solaris
symantec_veritas cluster_server 3.5
symantec_veritas cluster_server 2.2_linux
symantec_veritas cluster_server 3.5_mp1
symantec_veritas cluster_server 3.5_solaris
symantec_veritas cluster_server 1.1_solaris
symantec_veritas cluster_server 3.5_solaris_mp3
symantec_veritas cluster_server 2.0_p2
symantec_veritas cluster_server 1.3.1_hp-ux
symantec_veritas cluster_server 3.5_aix
symantec_veritas cluster_server 2.2_mp1
symantec_veritas cluster_server 1.3_solaris_pre-ga
symantec_veritas cluster_server 2.0_p3
symantec_veritas cluster_server 2.2_mp2
symantec_veritas cluster_server 1.1.1_solaris
symantec_veritas cluster_server 2.2
symantec_veritas cluster_server 2.0_linux
symantec_veritas cluster_server 1.0.1_solaris
symantec_veritas cluster_server 2.0_p4
symantec_veritas cluster_server 2.2_linux_mp1p1
symantec_veritas cluster_server 1.3_p3
symantec_veritas cluster_server 2.0
symantec_veritas cluster_server 3.5_solaris_mp1
symantec_veritas cluster_server 2.0_aix
symantec_veritas cluster_server 4.0_linux_beta
symantec_veritas cluster_server 3.5_hp-ux
symantec_veritas cluster_server 1.3_p2
symantec_veritas cluster_server 4.0_aix_beta
symantec_veritas cluster_server 4.0_aix
CVE-2005-0771 HIGH

VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec 9.0_rev.4454
symantec_veritas backup_exec 9.0_rev.4367
symantec_veritas backup_exec 10.0_rev.5484
symantec_veritas backup_exec 9.1_rev.4691
CVE-2005-0773 HIGH

Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec 9.0_rev.4454_sp1
symantec_veritas backup_exec 9.0.4019
symantec_veritas backup_exec 9.0.4172
symantec_veritas backup_exec 9.1.1152.4
symantec_veritas backup_exec 9.0_rev.4454
symantec_veritas backup_exec 9.1_rev.4691_sp2
symantec_veritas backup_exec 9.1.307
symantec_veritas backup_exec 9.1.1067.2
symantec_veritas backup_exec 9.0.4174
symantec_veritas backup_exec 9.1.1151.1
symantec_veritas backup_exec 10.0_rev.5484
symantec_veritas backup_exec 9.1.1154
symantec_veritas backup_exec 9.1_rev.4691
symantec_veritas backup_exec 9.1.306
symantec_veritas backup_exec 9.0.4170
symantec_veritas backup_exec 10.0_rev.5484_sp1
symantec_veritas backup_exec 9.1.1152
symantec_veritas backup_exec 9.0_rev.4367
symantec_veritas backup_exec 9.1.1127.1
symantec_veritas backup_exec 9.0_rev.4367_sp1
symantec_veritas backup_exec 9.0.4202
symantec_veritas backup_exec 9.1.1067.3
CVE-2005-1131 HIGH

Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas i3_focalpoint_server 7.1
CVE-2005-2051 HIGH

Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec 9.1
symantec_veritas backup_exec 9.0_rev.4454
symantec_veritas backup_exec 10.0
symantec_veritas backup_exec 9.0_rev.4367
symantec_veritas backup_exec 9.0
symantec_veritas backup_exec 10.0_rev.5484
symantec_veritas backup_exec 9.1_rev.4691
CVE-2005-2079 HIGH

Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec 9.0_rev.4454
symantec_veritas backup_exec 9.0_rev.4367
symantec_veritas backup_exec 10.0_rev.5484
symantec_veritas backup_exec 9.1_rev.4691
CVE-2005-2080 HIGH

Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec 9.0.4019
symantec_veritas backup_exec 9.0.4172
symantec_veritas backup_exec 9.1.1152.4
symantec_veritas backup_exec 9.1
symantec_veritas backup_exec 9.1.307
symantec_veritas backup_exec 9.1.1067.2
symantec_veritas backup_exec 9.0.4174
symantec_veritas backup_exec 9.0
symantec_veritas backup_exec 9.1.1151.1
symantec_veritas backup_exec 9.1.1154
symantec_veritas backup_exec 9.1.306
symantec_veritas backup_exec 9.0.4170
symantec_veritas backup_exec 9.1.1152
symantec_veritas backup_exec 10.0
symantec_veritas backup_exec 9.1.1127.1
symantec_veritas backup_exec 9.0.4202
symantec_veritas backup_exec 9.1.1067.3
CVE-2005-2389 MEDIUM

NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas netbackup_server 5.1
symantec_veritas netbackup_enterprise_server 5.1
CVE-2005-2611 HIGH

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec windows_servers_9.0
symantec_veritas netbackup netware_media_servers_4.5_mp5
symantec_veritas backup_exec netware_servers_9.0.4170
symantec_veritas backup_exec netware_servers_9.0.4172
symantec_veritas backup_exec netware_servers_9.0.4174
symantec_veritas backup_exec windows_servers_9.1_rev._4691_sp2
symantec_veritas netbackup netware_media_servers_5.0_mp2
symantec_veritas backup_exec netware_servers_9.1.1127_.1
symantec_veritas netbackup netware_media_servers_5.1_mp1
symantec_veritas backup_exec netware_servers_9.1.1152_.4
symantec_veritas netbackup netware_media_servers_4.5_mp1
symantec_veritas backup_exec netware_servers_9.0.4019
symantec_veritas netbackup netware_media_servers_5.0_mp3
symantec_veritas backup_exec netware_servers_9.1.1151_.1
symantec_veritas backup_exec netware_servers_9.0.4202
symantec_veritas backup_exec windows_servers_9.1_rev._4691
symantec_veritas netbackup netware_media_servers_4.5_fp3
symantec_veritas netbackup netware_media_servers_5.0_mp5
symantec_veritas backup_exec windows_servers_10.0_rev._5520
symantec_veritas netbackup netware_media_servers_5.0_mp4
symantec_veritas backup_exec windows_servers_9.0_rev._4367
symantec_veritas netbackup netware_media_servers_5.0_mp1
symantec_veritas backup_exec windows_servers_9.0_rev._4454_sp1
symantec_veritas netbackup netware_media_servers_4.5_mp2
symantec_veritas backup_exec netware_servers_9.1.307
symantec_veritas backup_exec_remote_agent windows_server
symantec_veritas backup_exec windows_servers_10.0_rev._5484
symantec_veritas netbackup netware_media_servers_4.5_fp5
symantec_veritas backup_exec windows_servers_9.0_rev._4367_sp1
symantec_veritas backup_exec windows_servers_9.0_rev._4454
symantec_veritas backup_exec_remote_agent unix_linux_server
symantec_veritas netbackup netware_media_servers_4.5_fp8
symantec_veritas backup_exec_remote_agent netware_server
symantec_veritas netbackup netware_media_servers_5.1
symantec_veritas netbackup netware_media_servers_4.5_mp8
symantec_veritas backup_exec netware_servers_9.1.1067_.3
symantec_veritas netbackup netware_media_servers_4.5_fp1
symantec_veritas backup_exec netware_servers_9.1.1154
symantec_veritas backup_exec windows_servers_9.1
symantec_veritas netbackup netware_media_servers_4.5_mp3
symantec_veritas netbackup netware_media_servers_4.5_fp7
symantec_veritas backup_exec netware_servers_9.1.306
symantec_veritas netbackup netware_media_servers_4.5_mp4
symantec_veritas netbackup netware_media_servers_5.1_mp3
symantec_veritas backup_exec netware_servers_9.1.1152
symantec_veritas netbackup netware_media_servers_4.5_mp6
symantec_veritas netbackup netware_media_servers_4.5_fp2
symantec_veritas backup_exec netware_servers_9.1.1156
symantec_veritas netbackup netware_media_servers_4.5_fp6
symantec_veritas backup_exec windows_servers_8.6
symantec_veritas netbackup netware_media_servers_4.5
symantec_veritas netbackup netware_media_servers_5.1_mp2
symantec_veritas backup_exec windows_servers_10.0_rev._5484_sp1
symantec_veritas netbackup netware_media_servers_5.0
symantec_veritas backup_exec netware_servers_9.1.1067_.2
symantec_veritas netbackup netware_media_servers_4.5_mp7
symantec_veritas netbackup netware_media_servers_4.5_fp4
CVE-2005-2715 HIGH

Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas netbackup_enterprise_server_client 6.0
symantec_veritas netbackup_data_and_business_center 4.5fp
symantec_veritas netbackup_enterprise_server_client 5.1
symantec_veritas netbackup_data_and_business_center 4.5mp
symantec_veritas netbackup_enterprise_server_client 5.0
CVE-2005-2996 HIGH

Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas storagecentral 5.2_rev._2190r
symantec_veritas storage_exec 5.3_rev._2190r
CVE-2005-3116 HIGH

Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas netbackup 5.0_with_mp2
symantec_veritas netbackup 5.1_without_mp
symantec_veritas netbackup 5.0_with_mp5
symantec_veritas netbackup 5.1_with_mp1
symantec_veritas netbackup 5.1_with_mp2
symantec_veritas netbackup 5.0_with_mp3
symantec_veritas netbackup 5.1_with_mp3a
symantec_veritas netbackup 5.0_with_mp4
symantec_veritas netbackup 5.0_with_mp1
CVE-2005-3566 MEDIUM

Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas cluster_server 4.0_linux
symantec_veritas storage_foundation 3.5_solaris
symantec_veritas storage_foundation_cluster_file_system 4.0_linux
symantec_veritas storage_foundation 4.0_linux
symantec_veritas cluster_server 3.5_hp-ux_update_1
symantec_veritas sanpoint_control_quickstart 3.5_solaris
symantec_veritas storage_foundation 2.2_linux
symantec_veritas storage_foundation 4.0_aix
symantec_veritas cluster_server 3.5_mp2
symantec_veritas cluster_server 3.5
symantec_veritas storage_foundation 4.0_solaris
symantec_veritas cluster_server 3.5_mp1j
symantec_veritas storage_foundation_cluster_file_system 4.0_solaris
symantec_veritas cluster_server 2.2_linux
symantec_veritas cluster_server 3.5_mp1
symantec_veritas cluster_server 3.5_p1
symantec_veritas cluster_server 3.5_solaris
symantec_veritas cluster_server 3.5_solaris_mp2
symantec_veritas cluster_server 3.5_solaris_mp3
symantec_veritas cluster_server 3.5_hp-ux_update_2
symantec_veritas storage_foundation 2.2_vmware_esx
symantec_veritas storage_foundation 3.5_hp-ux
symantec_veritas storage_foundation_cluster_file_system 4.0_aix
symantec_veritas cluster_server 3.5_aix
symantec_veritas cluster_server 2.2_mp1
symantec_veritas cluster_server 2.2_mp2
symantec_veritas storage_foundation 3.4_aix
symantec_veritas cluster_server 2.2
symantec_veritas cluster_server 4.0_solaris_mp1
symantec_veritas cluster_server 4.0_solaris
symantec_veritas cluster_server 2.2_linux_mp1p1
symantec_veritas cluster_server 3.5_solaris_beta
symantec_veritas storage_foundation 3.0_aix
symantec_veritas cluster_server 3.5_solaris_mp1
symantec_veritas cluster_server 4.0_linux_beta
symantec_veritas cluster_server 3.5_hp-ux
symantec_veritas cluster_server 4.0_solaris_beta
symantec_veritas storage_foundation 1.0_aix
symantec_veritas cluster_server 4.0_aix_beta
symantec_veritas cluster_server 4.0_aix
CVE-2006-1297 MEDIUM

Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec_remote_agent windows_server_10.1
symantec_veritas backup_exec netware_server_9.2
symantec_veritas backup_exec netware_server_9.1
symantec_veritas backup_exec_remote_agent unix_linux_server_10.1
symantec_veritas backup_exec_remote_agent netware_server_9.2
symantec_veritas backup_exec_remote_agent windows_server_10.0
symantec_veritas backup_exec_remote_agent netware_server_9.1
symantec_veritas backup_exec_remote_agent windows_server_9.1
CVE-2006-1298 MEDIUM

Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
symantec_veritas backup_exec 9.1
symantec_veritas backup_exec 10.0