SecurityTracker: (Vulnerability is Being Actively Exploited) Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > BackupExec

Vendors: Veritas

(Vulnerability is Being Actively Exploited) Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry

SecurityTracker Alert ID: 1014342

SecurityTracker URL: http://securitytracker.com/id/1014342

CVE Reference: CVE-2005-0771, CVE-2005-0772, CVE-2005-0773, CVE-2005-2079, CVE-2005-2080 (Links to External Site)

Date: Jun 30 2005

Impact: Denial of service via network, Execution of arbitrary code via network, Modification of system information, User access via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 10.0 and prior versions

Description: Several vulnerabilities were provided in Veritas Backup Exec. A remote user can cause the target system to crash. A remote user can also modify the operating system configuration. A remote user can execute arbitrary code on the target system.

A remote user can exploit an access control vulnerability in VERITAS Backup Exec for Windows to modify the target system's Windows Registry with "Administrator" privileges.

A remote user can also exploit flaws in the VERITAS Backup Exec Remote Agent for Windows Servers and Remote Agent for NetWare Servers to cause the target system to crash. The flaws are due to improper processing of certain request packets and a null pointer reference.

A remote user can exploit a buffer overflow in VERITAS Software Backup Exec Remote Agent in the processing of certain authentication requests to execute arbitrary code on the target system.

Backup Exec 10.0 for Windows Servers rev. 5520 and Backup Exec 9.1.1156 for NetWare Servers are not affected.

The vendor's advisories are available at:

http://seer.support.veritas.com/docs/276533.htm
http://seer.support.veritas.com/docs/276604.htm
http://seer.support.veritas.com/docs/276605.htm

The vendor credits iDEFENSE with reporting these vulnerabilities.

US-CERT reported on June 29, 2005 that one of these vulnerabilities is being actively exploited and that exploit code is publicly available. An increase in scanning activity on TCP port 10000 has been observed, potentially as part of an attempt to locate systems running the VERITAS Backup Exec Remote Agent.

The US-CERT advisory is available at:

http://www.us-cert.gov/cas/techalerts/TA05-180A.html

Impact: A remote user can modify the target system's Windows Registry (for Windows-based systems).

A remote user can execute arbitrary code on the target system.

A remote user can cause the target system to crash.

Solution: The vendor has issued the following fixes.

VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers Hotfix 21
http://support.veritas.com/docs/276156

VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers Hotfix 31
http://support.veritas.com/docs/275911

VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Hotfix 52
http://support.veritas.com/docs/275909

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers Hotfix 24
http://support.veritas.com/docs/275514

VERITAS Backup Exec 9.0.4202 for NetWare Servers Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers - upgrade to Backup Exec 10.0 rev. 5520 http://support.veritas.com/docs/277181

VERITAS Backup Exec 10.0 rev. 5484 and rev. 5520 for Windows Servers
(Remote Agent for NetWare Servers fix only):
http://support.veritas.com/docs/277478

VERITAS Backup Exec 9.0.4202 for NetWare Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421

Vendor URL: seer.support.veritas.com/docs/276533.htm (Links to External Site)

Cause: Access control error, Boundary error, Input validation error

Underlying OS: Windows (Any)

Message History: This archive entry is a follow-up to the message listed below.

Jun 23 2005

Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry

Source Message Contents

Date: Thu, 30 Jun 2005 02:39:45 -0400
Subject: http://www.us-cert.gov/cas/techalerts/TA05-180A.html



> Technical Cyber Security Alert TA05-180A
	
> VERITAS Backup Exec Software is actively being exploited

CVE: CAN-2005-0773

Go to the Top of This SecurityTracker Archive Page