CVE-2006-4902

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1150%

EPSS Percentile4.10th

PublishedDec 14, 2006

Last ModifiedApr 23, 2026

Vulnerability Description

The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.

Affected Platforms (CPE)

📦

Symantec

Veritas Netbackup Client

= 5.0

📦

Symantec

Veritas Netbackup Client

= 5.1

📦

Symantec

Veritas Netbackup Client

= 6.0

📦

Symantec

Veritas Netbackup Enterprise Server

= 5.0

📦

Symantec

Veritas Netbackup Enterprise Server

= 5.1

📦

Symantec

Veritas Netbackup Enterprise Server

= 6.0

📦

Symantec

Veritas Netbackup Server

= 5.0

📦

Symantec

Veritas Netbackup Server

= 5.1

📦

Symantec

Veritas Netbackup Server

= 6.0

References & Advisories

🔗 http://secunia.com/advisories/23368

🔗 http://securitytracker.com/id?1017379

🔗 http://www.iss.net/threats/247.html

🔗 http://www.kb.cert.org/vuls/id/252936

🔗 http://www.securityfocus.com/bid/21565

🔗 http://www.symantec.com/avcenter/security/Content/2006.12.13a.html

🔗 http://www.vupen.com/english/advisories/2006/4999

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/27638

Vulnerability Description

Affected Platforms (CPE)

Veritas Netbackup Client

Veritas Netbackup Client

Veritas Netbackup Client

Veritas Netbackup Enterprise Server

Veritas Netbackup Enterprise Server

Veritas Netbackup Enterprise Server

Veritas Netbackup Server

Veritas Netbackup Server

Veritas Netbackup Server

References & Advisories

Related Vulnerabilities