Vulnerabilities > CVE-2004-1389 - Unspecified vulnerability in Veritas Netbackup

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

veritas

exploit available

metasploit

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.

Vulnerable Configurations

Part	Description	Count
Application	Veritas Veritas Netbackup 3.4.1 Veritas Netbackup 3.4.0 Veritas Netbackup 5.0 Veritas Netbackup 5.1 Veritas Netbackup 4.5.0	9

Exploit-Db

description	Veritas NetBackup Remote Command Execution. CVE-2004-1389. Remote exploits for multiple platform
id	EDB-ID:9941
last seen	2016-02-01
modified	2004-10-21
published	2004-10-21
reporter	patrick
source	https://www.exploit-db.com/download/9941/
title	Veritas NetBackup - Remote Command Execution

description	VERITAS NetBackup Remote Command Execution. CVE-2004-1389. Remote exploits for multiple platform
id	EDB-ID:16290
last seen	2016-02-01
modified	2010-10-09
published	2010-10-09
reporter	metasploit
source	https://www.exploit-db.com/download/16290/
title	VERITAS NetBackup Remote Command Execution

Metasploit

description	This module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.
id	MSF:EXPLOIT/MULTI/MISC/VERITAS_NETBACKUP_CMDEXEC
last seen	2020-05-22
modified	2017-11-08
published	2008-11-13
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1389
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb
title	VERITAS NetBackup Remote Command Execution

Packetstorm

data source	https://packetstormsecurity.com/files/download/82267/veritas_netbackup_cmdexec.rb.txt
id	PACKETSTORM:82267
last seen	2016-12-05
published	2009-10-27
reporter	patrick
source	https://packetstormsecurity.com/files/82267/VERITAS-NetBackup-Remote-Command-Execution.html
title	VERITAS NetBackup Remote Command Execution

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Packetstorm

References