SecurityTracker.com
Category:  Application (Generic)  >  BackupExec
Vendors:  Veritas
VERITAS Backup Exec Buffer Overflow in Processing Registration Requests Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012597
SecurityTracker URL:  http://securitytracker.com/id?1012597
CVE Reference:  CAN-2004-1172   (Links to External Site)
Updated:  Dec 16 2004
Original Entry Date:  Dec 16 2004
Impact:  Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 8.x, 9.x
Description:  A buffer overflow vulnerability was reported in Backup Exec. A remote user may be able to execute arbitrary code.

The vendor reported that there is a stack-based overflow in the processing of registration requests. A remote user can supply specially crafted data to execute arbitrary code with the privileges of one of the VERITAS Backup Exec service processes (typically a domain administrative account).

iDEFENSE reported that an overly long hostname component of the registration request can trigger the flaw.
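
The defect class described above, a sender-supplied hostname copied into a fixed-size stack buffer, shown next to a length-checked parser. This is an added example, not VERITAS or iDEFENSE code; the wire layout, constants and function names are hypothetical and do not describe the Backup Exec protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout (an assumption, not the Backup Exec protocol):
 *   byte 0      message type (0x01 = registration)
 *   bytes 1-2   hostname length, big-endian
 *   bytes 3..   hostname, not NUL-terminated */
#define MSG_REGISTER 0x01
#define HOST_MAX     64   /* size of the fixed stack buffer */

enum parse_result { PARSE_OK = 0, ERR_SHORT, ERR_TYPE, ERR_TRUNCATED, ERR_LENGTH, ERR_CHARS };
/* The defect class: the length comes from the sender and is never compared
 * with the destination size, so a long hostname overruns the stack buffer:
 *     char host[HOST_MAX];
 *     memcpy(host, msg + 3, claimed);    (no check of claimed against HOST_MAX)
 */

/* Hardened parser: every length is checked before any byte is copied. */
enum parse_result parse_registration(const uint8_t *msg, size_t msg_len,
                                     char *host_out, size_t host_cap)
{
    if (msg_len < 3) return ERR_SHORT;
    if (msg[0] != MSG_REGISTER) return ERR_TYPE;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    if (claimed > msg_len - 3) return ERR_TRUNCATED;           /* claims more than was sent */
    if (claimed == 0 || claimed >= host_cap) return ERR_LENGTH; /* keep room for the NUL */
    for (size_t i = 0; i < claimed; i++) {
        uint8_t c = msg[3 + i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '-' || c == '.';
        if (!ok) return ERR_CHARS;                              /* hostname alphabet only */
    }
    memcpy(host_out, msg + 3, claimed);
    host_out[claimed] = '\0';
    return PARSE_OK;
}

/* Constructed sample: a request whose hostname is host_len 'A' bytes, then parsed. */
enum parse_result check_sample(size_t host_len)
{
    uint8_t msg[3 + 1024];
    char host[HOST_MAX];
    if (host_len > 1024) return ERR_SHORT;   /* keep the sample inside msg[] */
    msg[0] = MSG_REGISTER;
    msg[1] = (uint8_t)(host_len >> 8);
    msg[2] = (uint8_t)(host_len & 0xff);
    memset(msg + 3, 'A', host_len);
    return parse_registration(msg, 3 + host_len, host, sizeof host);
}
```
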

The vendor was notified on November 2, 2004.

Impact:  A remote user can execute arbitrary code with the privileges of one of the VERITAS Backup Exec service processes.
Solution:  The vendor has issued the following hotfixes:

For Backup Exec 8.6 Build 3878:

BENT86HF68_273422.exe 8.60.3878 Hotfix 68
http://support.veritas.com/docs/273422

For Backup Exec 9.1 Build 4691 Service Pack 1:

Be4691RHF40_273420.exe 9.1.4691 Hotfix 40
http://support.veritas.com/docs/273420

The vendor has also described some workaround procedures in their advisory, available at:

http://seer.support.veritas.com/docs/273419.htm

Vendor URL:  seer.support.veritas.com/docs/273419.htm (Links to External Site)
Cause:  Boundary error
Underlying OS:  Windows (NT), Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents

Date:  Thu, 16 Dec 2004 09:43:21 -0500
Subject:  http://seer.support.veritas.com/docs/273419.htm

 
 
 
Document ID: 273419
http://support.veritas.com/docs/273419
 
Remote exploitation of a stack-based buffer overflow vulnerability in Backup Exec 8.x 
and 9.x may allow the unauthorized execution of arbitrary code.
 
Details:
 
The vulnerability specifically exists within the function responsible for receiving 
and parsing registration requests. The issue allows a remote attacker to execute 
arbitrary code under the privileges of one of the VERITAS Backup Exec (tm) service 
processes, which is usually a domain administrative account.
 
A hotfix is available for the following versions of Backup Exec:
 
Backup Exec 8.6 installations should have the following hotfix applied:
BENT86HF68_273422.exe 8.60.3878 Hotfix 68 - Backup Exec (buffer overflow creates a security hole in agent browser)
http://support.veritas.com/docs/273422

Note: Backup Exec 8.x installations should be upgraded to Backup Exec 8.6 Build 3878 prior to the installation of the hotfix.

Backup Exec 9.1 installations should have the following hotfix applied:
Be4691RHF40_273420.exe 9.1.4691 Hotfix 40 - Backup Exec (buffer overflow creates a security hole in agent browser)
http://support.veritas.com/docs/273420

Note: Backup Exec 9.0 and 9.1 installations should be upgraded to Backup Exec 9.1 Build 4691 Service Pack 1 prior to the installation of the hotfix.

Workaround for all Backup Exec versions:

To avoid this issue in any version of Backup Exec, a firewall can be used to restrict incoming connections to trusted workstations running Backup Exec software.

Note: VERITAS Technical Services recommends that Backup Exec installations are always kept at the latest version, build, and hotfix level available. It is also recommended that a full backup is performed prior to and after any changes are made to a software environment. If you have any questions or concerns about this issue, please contact VERITAS Technical Services.

VERITAS Software has acknowledged that the above-mentioned issue may be present in earlier versions of the product which are no longer supported. There are no plans to address this issue by way of a patch or hotfix in any end-of-life versions of the product at the present time. The issue has been addressed in all supported versions of the product specified at the end of this article. If you have an unsupported version of the product, you will have to move to a supported version of the product to apply the patch or implement the workaround mentioned above.

Related Documents:

241035: VERITAS Backup Exec (tm) 8.6 for Windows NT build 3878 (Intel) (English)
http://support.veritas.com/docs/241035

264658: Q118478.BEWS.91.4691.1_264658.zip VERITAS Backup Exec (tm) 9.1 for Windows Servers revision 4691.1 (Single .ZIP download)
http://support.veritas.com/docs/264658

267180: Be4691RSP1_267180.exe VERITAS Backup Exec (tm) 9.1 for Windows Servers revision 4691 - Service Pack 1
http://support.veritas.com/docs/267180

Supplemental Material:

System: Ref.# Description
ETrack: 275793 BEWS: Buffer overflow creates a security hole in Agent Browser (BEWS 8.6)
ETrack: 275738 BEWS: Buffer overflow creates a security hole in Agent Browser (BEWS 9.1)

Products Applied: Backup Exec for Windows Servers 8.0, 8.5, 8.6, 9.0, 9.1

Last Updated: December 15 2004 04:41 PM GMT
Expires on: 12-15-2005

Subjects: Backup Exec for Windows Servers
Application: Alert, Troubleshooting
Publishing Status: Techalert
Languages: English (US)

Operating Systems:
Windows 2000 Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, SAK, Server, Server Windows Powered
Windows NT 4.0 Server SP6a, 4.0 Workstation SP6a
Windows NT Small Business Server 2000, 4.5
Windows XP Home 5.1, Pro 5.1
Windows Server 2003 DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server
Windows Small Business Server 2003 Premium Edition, Standard Edition


Copyright 2004, SecurityGlobal.net LLC