ASA-2018-00004 – Veritas NetBackup Appliance: Use-after-free vulnerability in Veritas Backup Exec agents can lead to a denial of service or remote code execution


Allele Security Alert

ASA-2018-00004

Identifier(s)

ASA-2018-00004, CVE-2018-18652, VTS18-003

Title

Use-after-free vulnerability in Veritas Backup Exec agents can lead to a denial of service or remote code execution

Vendor(s)

Veritas

Product(s)

Veritas NetBackup Appliance

Affected version(s)

Veritas NetBackup Appliance 3.1.1 and earlier

Fixed version(s)

NetBackup Appliance 3.1.2

Description

A remote command execution vulnerability in Veritas NetBackup Appliance allows authenticated administrators to execute arbitrary commands as root. The issue is caused by insufficient filtering of user-provided input.

Technical details

Unknown

Reference(s)

VTS18-003: Remote command execution vulnerability in NetBackup Appliance
https://www.veritas.com/content/support/en_US/security/VTS18-003.html

CVE-2018-18652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18652

CVE-2018-18652
https://nvd.nist.gov/vuln/detail/CVE-2018-18652

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 1, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.