
Category:   Application (Generic)  >   BackupExec
Vendors:   Symantec
Veritas Backup Exec Remote Agent Discloses Arbitrary Files to Remote Users
SecurityTracker Alert ID:  1014662
SecurityTracker URL:
CVE Reference:   CVE-2005-2611   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 12 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Backup Exec for Windows Servers 9.0, 9.1, and 10.0; Remote Agent for Windows Server; Remote Agent for Unix/Linux Server; for NetWare
Description:   A vulnerability was reported in Veritas Backup Exec. A remote user can download arbitrary files from the target system.

The software uses a hard-coded, default authentication password. A remote user can send a CONNECT_CLIENT_AUTH request with a certain encrypted password value to successfully authenticate to the target application and gain access to files on the target system.

The vendor has confirmed that the following versions are affected:

VERITAS Backup Exec for Windows Servers 9.0, 9.1, and 10.0
VERITAS Backup Exec Remote Agent for Windows Server
VERITAS Backup Exec Remote Agent for Unix/Linux Server
VERITAS Backup Exec for NetWare Servers 9.1
VERITAS Backup Exec Remote Agent for NetWare Server
VERITAS NetBackup for NetWare Media Server Option 4.5, 4.5 FP, 5.0, and 5.1

Some demonstration exploit code is available at:

Several reports indicate that this vulnerability is being actively exploited.

Impact:   A remote user can gain access to the target application. With this access, the user can obtain files from the target system.
Solution:   Symantec/Veritas has issued fixes for NetBackup for NetWare Media Server, Backup Exec for NetWare Servers, and Backup Exec for Windows Servers.

NetBackup 4.5 Maintenance Pack 8B for NetWare Media Servers:

NetBackup 4.5 Feature Pack 8B for NetWare Media Servers:

NetBackup 5.0 Maintenance Pack 5B for NetWare Media Servers:

NetBackup 5.1 Maintenance Pack 3B for NetWare Media Servers:

Backup Exec 9.1.1158.3 for NetWare Servers:

English Only Installation File:
English/French/German Installation file:

Users of Backup Exec 9.0 for NetWare Servers must upgrade to version 9.1 or higher.

Backup Exec 9.0 4367 for Windows Servers Hotfix 22:

Backup Exec 9.0 4454 for Windows Servers Hotfix 32

Backup Exec 9.1 4691 for Windows Servers Hotfix 54

Backup Exec 10.0 5520 for Windows Servers Hotfix 15

Backup Exec 10.0 5520 Hotfix 16 - Remote Agent for Linux/UNIX Servers (RALUS) update

Backup Exec 10.0 5484 for Windows Servers Hotfix 30

Backup Exec 10.0 5484 Hotfix 31 - Remote Agent for Linux/UNIX Servers (RALUS) update

Users of Backup Exec 8.6 for Windows Servers must upgrade to a newer version to obtain a fix.

The vendor indicates that, as a workaround, you can block external access to TCP port 10000.

The vendor's advisories are available at:

Vendor URL: (Links to External Site)
Cause:   Authentication error, Configuration error, Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.
