Intrusion Prevention

Veritas.Backup.Exec.Agent.Auth.Buffer.Overflow

Description

Indicates a possible exploit of a stack-based authentication buffer overflow vulnerability in Veritas Backup Exec software. Veritas Backup Exec is a backup and recovery software solution for Windows and Unix based server systems. A vulnerability is reported in it that may allow an attacker to execute arbitrary code on the affected system. This is due to the Veritas Backup Exec remote agent's failure to boundary check the CONNECT_CLIENT_AUTH request with authentication method type 3. As a result, it is possible for a remote attacker to send a specially crafted authentication request containing an overly long password argument and overflow the stack buffer. This may result in execution of arbitrary code on the affected system in the security context of the Backup Exec process, which is usually the administrative account.
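The following C snippet is an added illustration of the bug class the description refers to; it is not the Veritas Backup Exec agent's code, and the request layout, the AUTH_METHOD_PASSWORD value, the PASSWORD_MAX buffer size and all function names are assumptions made for the example. It places an unchecked copy of a length-prefixed password field (the pattern the advisory describes) beside a handler that validates the attacker-controlled method and length fields before any copy into the stack buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified stand-in for a CONNECT_CLIENT_AUTH request.
 * This layout is an assumption for illustration only; it is not the
 * Veritas Backup Exec agent's real wire format. */
#define AUTH_METHOD_PASSWORD 3   /* authentication method type named in the advisory */
#define PASSWORD_MAX 64          /* hypothetical size of the agent's stack buffer */

struct auth_request {
    uint32_t auth_method;
    uint32_t password_len;       /* attacker-controlled length field */
    const uint8_t *password;     /* password bytes from the received message */
};

enum auth_verdict {
    AUTH_OK = 0,
    AUTH_BAD_METHOD = 1,
    AUTH_TOO_LONG = 2,
    AUTH_TRUNCATED = 3
};

/* Bug-class illustration (never called here): trusts password_len and copies
 * straight into a fixed-size stack buffer, which is what the advisory says the
 * vulnerable agent did. A password_len larger than PASSWORD_MAX overwrites
 * whatever lies beyond the buffer on the stack. */
void copy_password_unchecked(const struct auth_request *req)
{
    char buf[PASSWORD_MAX];
    memcpy(buf, req->password, req->password_len);   /* no boundary check */
    (void)buf;
}

/* Hardened handling: validate every attacker-controlled field before the copy.
 * msg_len is the number of password bytes actually present in the message;
 * out/out_size describe the destination buffer. */
enum auth_verdict handle_auth_request(const struct auth_request *req, size_t msg_len,
                                      char *out, size_t out_size)
{
    if (req->auth_method != AUTH_METHOD_PASSWORD)
        return AUTH_BAD_METHOD;
    if (req->password_len > msg_len)
        return AUTH_TRUNCATED;            /* length field claims more bytes than were sent */
    if (req->password_len >= out_size)
        return AUTH_TOO_LONG;             /* the boundary check the vulnerable agent lacked */
    memcpy(out, req->password, req->password_len);
    out[req->password_len] = '\0';
    return AUTH_OK;
}

/* Builds a constructed method-3 request carrying a password of `len` bytes
 * and returns the hardened handler's verdict. */
enum auth_verdict check_password_of_length(size_t len)
{
    uint8_t payload[4096];
    char buf[PASSWORD_MAX + 1];
    struct auth_request req;

    if (len > sizeof payload)
        len = sizeof payload;
    memset(payload, 'A', len);
    req.auth_method = AUTH_METHOD_PASSWORD;
    req.password_len = (uint32_t)len;
    req.password = payload;
    return handle_auth_request(&req, len, buf, sizeof buf);
}

int main(void)
{
    printf("8-byte password: verdict %d\n", (int)check_password_of_length(8));
    printf("1024-byte password: verdict %d\n", (int)check_password_of_length(1024));
    return 0;
}
```

The same three checks (method type, declared length against bytes actually received, declared length against the destination buffer) are what an inspection device or host-side log review looks for when it flags an oversized method-3 authentication request.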

Affected Products

Veritas Software Backup Exec 8.0, Veritas Software Backup Exec 8.5, Veritas Software Backup Exec 8.6, Veritas Software Backup Exec 9.0, Veritas Software Backup Exec 9.1

Impact

An attacker may be able to execute arbitrary code to gain administrative control of the affected system.

Recommended Actions

Upgrade to the following versions or later: Veritas Software Backup Exec for NetWare Servers 9.1.1156, Veritas Software Backup Exec 10.0 rev. 5520, or apply the patch according to the following document: http://seer.support.veritas.com/docs/277429.htm

CVE References

CVE-2005-0773