SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  BackupExec Vendors:  Veritas
(Vulnerability is Being Actively Exploited) Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry
SecurityTracker Alert ID:  1014342
SecurityTracker URL:  http://securitytracker.com/id?1014342
CVE Reference:  CAN-2005-0771   (Links to External Site)
Date:  Jun 30 2005
Impact:  Denial of service via network, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Advisory:  CERT (Computer Emergency Response Team)
Version(s): 10.0 and prior versions
Description:  Several vulnerabilities were provided in Veritas Backup Exec. A remote user can cause the target system to crash. A remote user can also modify the operating system configuration. A remote user can execute arbitrary code on the target system.

A remote user can exploit an access control vulnerability in VERITAS Backup Exec for Windows to modify the target system's Windows Registry with "Administrator" privileges.

A remote user can also exploit flaws in the VERITAS Backup Exec Remote Agent for Windows Servers and Remote Agent for NetWare Servers to cause the target system to crash. The flaws are due to improper processing of certain request packets and a null pointer reference.

A remote user can exploit a buffer overflow in VERITAS Software Backup Exec Remote Agent in the processing of certain authentication requests to execute arbitrary code on the target system.

Backup Exec 10.0 for Windows Servers rev. 5520 and Backup Exec 9.1.1156 for NetWare Servers are not affected.

The vendor's advisories are available at:

http://seer.support.veritas.com/docs/276533.htm
http://seer.support.veritas.com/docs/276604.htm
http://seer.support.veritas.com/docs/276605.htm

The vendor credits iDEFENSE with reporting these vulnerabilities.

US-CERT reported on June 29, 2005 that one of these vulnerabilities is being actively exploited and that exploit code is publicly available. An increase in scanning activity on TCP port 10000 has been observed, potentially as part of an attempt to locate systems running the VERITAS Backup Exec Remote Agent.

The US-CERT advisory is available at:

http://www.us-cert.gov/cas/techalerts/TA05-180A.html
Impact:  A remote user can modify the target system's Windows Registry (for Windows-based systems).

A remote user can execute arbitrary code on the target system.

A remote user can cause the target system to crash.
Solution:  The vendor has issued the following fixes.

VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers Hotfix 21
http://support.veritas.com/docs/276156

VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers Hotfix 31
http://support.veritas.com/docs/275911

VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Hotfix 52
http://support.veritas.com/docs/275909

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers Hotfix 24
http://support.veritas.com/docs/275514

VERITAS Backup Exec 9.0.4202 for NetWare Servers Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers - upgrade to Backup Exec 10.0 rev. 5520 http://support.veritas.com/docs/277181

VERITAS Backup Exec 10.0 rev. 5484 and rev. 5520 for Windows Servers
(Remote Agent for NetWare Servers fix only):
http://support.veritas.com/docs/277478

VERITAS Backup Exec 9.0.4202 for NetWare Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421
Vendor URL:  seer.support.veritas.com/docs/276533.htm (Links to External Site)
Cause:  Access control error, Boundary error, Input validation error
Underlying OS:  Windows (Any)
Underlying OS Comments:  NetWare-based systems are also affected.

Message History:   This archive entry is a follow-up to the message listed below.
Jun 23 2005 Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry


 Source Message Contents
Date:  Thu, 30 Jun 2005 02:39:45 -0400
Subject:  http://www.us-cert.gov/cas/techalerts/TA05-180A.html

 
 
 
> Technical Cyber Security Alert TA05-180A
	
> VERITAS Backup Exec Software is actively being exploited
 
CVE: CAN-2005-0773


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC