> apologies if this is the wrong place to query this. In the future, we'd encourage you to post questions or comments to the discussion forums located at https://discussions.nessus.org/.
> Nessus plugin 20148 gives the scenario: > > The remote host is running the VERITAS NetBackup Java Console > service. > This service is used by the NetBackup Java Console GUI to > manage the backup server. > A user, authorized to connect to this service, can use it as > a remote shell with system privileges by sending > 'command_EXEC_LIST' messages. > > With a risk factor of 'none'. > > Would a kind person please explain a little further - which versions are > vulnerable, if 'all' then is this an inherent functionality that cannot > be removed, and if why is the risk none? See below: > If an authorised user connects to the java service then how is that > achieved, does that user have to have system privileges in which case I > can see how the risk is 'none', or the service have a 'normal user' > service account, in which case the risk could be something if the > credentials of the service account are compromised. > > Sorry to be noobish and lack of experience of the product does not help, > but Google hasn't helped much and this question did not appear on any > searches I tried. The plugin is designed to test for the presence of the service. The wording that you are seeing is just an informational piece indicating that if a user is authorized (i.e., authenticated), that it essentially gives them full privileges on the machine. Since it requires authentication to achieve these privileges, the risk for the service being present is 'none'. If an account has no password or there were some other form of gaining access illicitly, the risk rating would reflect that. Since this is just detecting the presence of the service, there are really no "vulnerable" versions in the context you use above. > Is there an example of what can be achieved so that I can evaluate in a > test environment? I'd recommend consulting the documentation for command syntax and additional information. Brian Tenable Network Security _______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus
