Mailing List Archive

Plugin 20148 Query - Netbackup Agent Detection
Hi,



apologies if this is the wrong place to query this.



Nessus plugin 20148 gives the scenario:



The remote host is running the VERITAS NetBackup Java Console
service.
This service is used by the NetBackup Java Console GUI to
manage the backup server.
A user, authorized to connect to this service, can use it as
a remote shell with system privileges by sending
'command_EXEC_LIST' messages.



With a risk factor of 'none'.



Would a kind person please explain a little further - which versions are vulnerable, if 'all' then is this an inherent functionality that cannot be removed, and if why is the risk none?



If an authorised user connects to the java service then how is that achieved, does that user have to have system privileges in which case I can see how the risk is 'none', or the service have a 'normal user' service account, in which case the risk could be something if the credentials of the service account are compromised.



Sorry to be noobish and lack of experience of the product does not help, but Google hasn't helped much and this question did not appear on any searches I tried.



Is there an example of what can be achieved so that I can evaluate in a test environment?



I've probably overlooked the obvious but happy to be shot down to be told :)



Many thanks.

_________________________________________________________________
25GB of FREE Online Storage – Find out more
http://clk.atdmt.com/UKM/go/134665320/direct/01/
Re: Plugin 20148 Query - Netbackup Agent Detection [ In reply to ]
> apologies if this is the wrong place to query this.

In the future, we'd encourage you to post questions or comments to the
discussion forums located at https://discussions.nessus.org/.

> Nessus plugin 20148 gives the scenario:
>
> The remote host is running the VERITAS NetBackup Java Console
> service.
> This service is used by the NetBackup Java Console GUI to
> manage the backup server.
> A user, authorized to connect to this service, can use it as
> a remote shell with system privileges by sending
> 'command_EXEC_LIST' messages.
>
> With a risk factor of 'none'.
>
> Would a kind person please explain a little further - which versions are
> vulnerable, if 'all' then is this an inherent functionality that cannot
> be removed, and if why is the risk none?

See below:

> If an authorised user connects to the java service then how is that
> achieved, does that user have to have system privileges in which case I
> can see how the risk is 'none', or the service have a 'normal user'
> service account, in which case the risk could be something if the
> credentials of the service account are compromised.
>
> Sorry to be noobish and lack of experience of the product does not help,
> but Google hasn't helped much and this question did not appear on any
> searches I tried.

The plugin is designed to test for the presence of the service. The wording
that you are seeing is just an informational piece indicating that if a user
is authorized (i.e., authenticated), that it essentially gives them full
privileges on the machine. Since it requires authentication to achieve these
privileges, the risk for the service being present is 'none'.

If an account has no password or there were some other form of gaining access
illicitly, the risk rating would reflect that. Since this is just detecting
the presence of the service, there are really no "vulnerable" versions in the
context you use above.

> Is there an example of what can be achieved so that I can evaluate in a
> test environment?

I'd recommend consulting the documentation for command syntax and additional
information.

Brian
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus