Document ID: 273419
http://support.veritas.com/docs/273419

Remote exploitation of a stack-based buffer overflow vulnerability in Backup Exec 8.x 
and 9.x may allow the unauthorized execution of arbitrary code.

Details:

The vulnerability specifically exists within the function responsible for receiving 
and parsing registration requests. The issue allows a remote attacker to execute 
arbitrary code under the privileges of one of the VERITAS Backup Exec (tm) service 
processes, which is usually a domain administrative account.

A hotfix is available for the following versions of Backup Exec:

Backup Exec 8.6 installations should have the following hotfix applied:
BENT86HF68_273422.exe 8.60.3878 Hotfix 68 - Backup Exec (buffer overflow creates a security hole in agent browser)
 http://support.veritas.com/docs/273422

Note: Backup Exec 8.x installations should be upgraded to Backup Exec 8.6 Build 3878 prior to the installation of the hotfix.


Backup Exec 9.1 installations should have the following hotfix applied:
Be4691RHF40_273420.exe 9.1.4691 Hotfix 40 - Backup Exec (buffer overflow creates a 
security hole in agent browser)
 http://support.veritas.com/docs/273420

Note: Backup Exec 9.0 and 9.1 installations should be upgraded to Backup Exec 9.1 
Build 4691 Service Pack 1 prior to the installation of the hotfix.


Workaround for all Backup Exec versions:
To avoid this issue in any version of Backup Exec, a firewall can be used to restrict 
incoming connections to trusted workstations running Backup Exec software.

Note: VERITAS Technical Services recommends that Backup Exec installations are always 
kept at the latest version, build, and hotfix level available. It is also recommended 
that a full backup is performed prior to and after any changes are made to a software 
environment. If you have any questions or concerns about this issue, please contact 
VERITAS Technical Services.


VERITAS Software has acknowledged that the above-mentioned issue may be present in 
earlier versions of the product which are no longer supported. There are no plans to 
address this issue by way of a patch or hotfix in any end-of-life versions of the 
product at the present time. The issue has been addressed in all supported versions 
of the product specified at the end of this article. If you have an unsupported 
version of the product, you will have to move to a supported version of the product 
to apply the patch or implement the workaround mentioned above.

Related Documents:

241035: VERITAS Backup Exec (tm) 8.6 for Windows NT build 3878 (Intel) (English)
 http://support.veritas.com/docs/241035


264658: Q118478.BEWS.91.4691.1_264658.zip  VERITAS Backup Exec (tm) 9.1 for Windows Servers revision 4691.1 (Single .ZIP download)
 http://support.veritas.com/docs/264658


267180: Be4691RSP1_267180.exe  VERITAS Backup Exec (tm) 9.1 for Windows Servers revision 4691 - Service Pack 1
 http://support.veritas.com/docs/267180








Supplemental Material:

System: Ref.#	Description
ETrack: 275793 	BEWS: Buffer overflow creates a security hole in Agent Browser (BEWS 8.6)
ETrack: 275738 	BEWS: Buffer overflow creates a security hole in Agent Browser (BEWS 9.1)

Products Applied:
 Backup Exec for Windows Servers 8.0, 8.5, 8.6, 9.0, 9.1

Last Updated: December 15 2004 04:41 PM GMT
Expires on: 12-15-2005
Subscribe Via E-Mail IconSubscribe to this document

Subjects:
 Backup Exec for Windows Servers
   Application: Alert, Troubleshooting
   Publishing Status: Techalert

Languages:
 English (US)

Operating Systems:
Windows 2000

Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, 
SAK, Server, Server Windows Powered

Windows NT

4.0 Server SP6a, 4.0 Workstation SP6a

Windows NT Small Business Server

2000, 4.5

Windows XP

Home 5.1, Pro 5.1

Windows Server 2003

DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server

Windows Small Business Server 2003

Premium Edition, Standard Edition