
SANS ISC: Port 13722 hacktool log scan report- NetBackup clients and servers - Did You Patch? SANS ISC InfoSec Forums

We have received a submission from a contributor, Vlad A., of files taken from a compromised system, including a log detailing extensive scanning for Port 13722 exclusively. That's right: the log showed Internet scanning configured exclusively for Port 13722, and it had quite a surprising (maybe not too surprising) number of results. The logs were generated by a relatively new "hack tool". DShield results for Port 13722 show a small number of systems scanning for this port recently, since the vulnerability announcement. Thanks for the files, Vlad!

NetBackup clients and servers use Port 13722, and TippingPoint's Zero Day Initiative (ZDI) says the discovered "vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. Authentication is not required to exploit this vulnerability." And: "This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the 'COMMAND_LOGON_TO_MSERVER' command. The vulnerable daemon listens on TCP port 13722 and affects both NetBackup clients and servers." They acknowledge: "Credit: This vulnerability was discovered by Kevin Finisterre with exploitation assistance from JohnH."

Patch and workaround information is available at Veritas.
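
To see whether your own perimeter is receiving the kind of scanning described above, look for sources that probe TCP 13722 on many hosts and touch little or nothing else. The following is an added example, not part of the original diary or the submitted files; the simplified iptables-style log lines, the addresses (documentation ranges) and the `min_targets` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

NETBACKUP_PORT = 13722  # TCP port of the bpjava-msvc daemon per the ZDI text

# Constructed sample log (simplified iptables LOG format, not real traffic).
SAMPLE_LOG = """\
Nov 11 02:14:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=13722 SYN
Nov 11 02:14:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=40113 DPT=13722 SYN
Nov 11 02:14:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=40114 DPT=13722 SYN
Nov 11 02:14:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.13 PROTO=TCP SPT=40115 DPT=13722 SYN
Nov 11 02:20:10 fw kernel: IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=13722 SYN
Nov 11 02:20:11 fw kernel: IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22 SYN
Nov 11 02:31:40 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=13722 SYN
Nov 11 02:31:41 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.11 PROTO=TCP SPT=33001 DPT=13722 SYN
Nov 11 02:31:42 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.12 PROTO=TCP SPT=33002 DPT=13722 SYN
Nov 11 02:31:43 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33003 DPT=445 SYN
Nov 11 02:40:00 fw kernel: IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=13722
"""

# Tolerates extra fields between the ones we need, as real iptables lines have.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+).*?DST=(?P<dst>\S+).*?PROTO=TCP\b.*?DPT=(?P<dpt>\d+)"
)

def find_port_scanners(log_text, port=NETBACKUP_PORT, min_targets=3):
    """Return {src: {"targets": n, "exclusive": bool}} for every source that
    hit TCP `port` on at least `min_targets` distinct destination hosts.
    "exclusive" is True when that source was seen on no other TCP port."""
    targets = defaultdict(set)      # src -> destinations probed on `port`
    other_ports = defaultdict(set)  # src -> other destination ports seen
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # non-TCP or unparseable line
        src, dst, dpt = m["src"], m["dst"], int(m["dpt"])
        if dpt == port:
            targets[src].add(dst)
        else:
            other_ports[src].add(dpt)
    return {
        src: {"targets": len(dsts), "exclusive": not other_ports.get(src)}
        for src, dsts in targets.items()
        if len(dsts) >= min_targets
    }

if __name__ == "__main__":
    for src, info in sorted(find_port_scanners(SAMPLE_LOG).items()):
        print(src, info)
```

Any internal host that appears as a destination in the flagged traffic and runs NetBackup is a candidate for the patch check the diary title asks about.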



Nov 11th 2005
