Intrusion Prevention

Veritas.Backup.Exec.Agent.Invalid.Error.Status.DoS

Description

Indicates a possible exploit of denial of service vulnerability in Veritas Software Backup Exec agent software.
Veritas Backup Exec is a backup and recovery software solution for Windows and Unix based server systems. A vulnerability is reported in it that may allow an attacker to crash the agent system resulting a denial of service condition. This is due to Backup Exec agent's failure to properly handle request packets with an unexpected "Error Status" value. An attacker may send crafted packets with any Error Status, other than "0", that will cause a null pointer dereference, resulting denial of service.

Affected Products

Veritas Software Backup Exec 10.0 rev. 5484 SP1, NetBackup for NetWare Media Servers 5.1 MP3 and earlier versions.

Impact

Denial of Service.

Recommended Actions

Apply appropriate patch according to vendor recommendation http://seer.support.veritas.com/docs/277485.htm

CVE References

CVE-2005-0772