SecurityTracker.com
Category:   Application (Generic)  >   BackupExec
Vendors:   Symantec
Veritas Backup Exec Remote Agent Discloses Arbitrary Files to Remote Users
SecurityTracker Alert ID:  1014662
SecurityTracker URL:  http://securitytracker.com/id/1014662
CVE Reference:   CVE-2005-2611
Updated:  Jun 8 2008
Original Entry Date:  Aug 12 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): Backup Exec for Windows Servers 9.0, 9.1, and 10.0; Remote Agent for Windows Server; Remote Agent for Unix/Linux Server; for NetWare
Description:   A vulnerability was reported in Veritas Backup Exec. A remote user can download arbitrary files from the target system.

The software uses a hard-coded, default authentication password. A remote user can send a CONNECT_CLIENT_AUTH request with a certain encrypted password value to successfully authenticate to the target application and gain access to files on the target system.

The vendor has confirmed that the following versions are affected:

VERITAS Backup Exec for Windows Servers 9.0, 9.1, and 10.0
VERITAS Backup Exec Remote Agent for Windows Server
VERITAS Backup Exec Remote Agent for Unix/Linux Server
VERITAS Backup Exec for NetWare Servers 9.1
VERITAS Backup Exec Remote Agent for NetWare Server
VERITAS NetBackup for NetWare Media Server Option 4.5, 4.5 FP, 5.0, and 5.1

Some demonstration exploit code is available at:

http://www.milw0rm.com/id.php?id=1147

Several reports indicate that this vulnerability is being actively exploited.

Impact:   A remote user can gain access to the target application. With this access, the user can obtain files from the target system.
Solution:   Symantec/Veritas has issued fixes for NetBackup for NetWare Media Server, Backup Exec for NetWare Servers, and Backup Exec for Windows Servers.

NetBackup 4.5 Maintenance Pack 8B for NetWare Media Servers:

http://support.veritas.com/docs/278456

NetBackup 4.5 Feature Pack 8B for NetWare Media Servers:

http://support.veritas.com/docs/278457

NetBackup 5.0 Maintenance Pack 5B for NetWare Media Servers:

http://support.veritas.com/docs/278458

NetBackup 5.1 Maintenance Pack 3B for NetWare Media Servers:

http://support.veritas.com/docs/278459

Backup Exec 9.1.1158.3 for NetWare Servers:

English Only Installation File: http://support.veritas.com/docs/278463
English/French/German Installation File: http://support.veritas.com/docs/278462

Users of Backup Exec 9.0 for NetWare Servers must upgrade to version 9.1 or higher.

Backup Exec 9.0 4367 for Windows Servers Hotfix 22:

http://support.veritas.com/docs/278469

Backup Exec 9.0 4454 for Windows Servers Hotfix 32:

http://support.veritas.com/docs/278468

Backup Exec 9.1 4691 for Windows Servers Hotfix 54:

http://support.veritas.com/docs/278467

Backup Exec 10.0 5520 for Windows Servers Hotfix 15:

http://support.veritas.com/docs/278465

Backup Exec 10.0 5520 Hotfix 16 - Remote Agent for Linux/UNIX Servers (RALUS) update:

http://support.veritas.com/docs/278471

Backup Exec 10.0 5484 for Windows Servers Hotfix 30:

http://support.veritas.com/docs/278466

Backup Exec 10.0 5484 Hotfix 31 - Remote Agent for Linux/UNIX Servers (RALUS) update:

http://support.veritas.com/docs/278470

Users of Backup Exec 8.6 for Windows Servers must upgrade to a newer version to obtain a fix.

The vendor indicates that, as a workaround, you can block external access to TCP port 10000.

The vendor's advisories are available at:

http://seer.support.veritas.com/docs/278430.htm
http://seer.support.veritas.com/docs/278431.htm
http://seer.support.veritas.com/docs/278434.htm

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/14551.html
Cause:   Authentication error, Configuration error, Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


Copyright 2017, SecurityGlobal.net LLC