Vulnerability Note VU#584505
VERITAS Backup Exec remote registry access validation vulnerability
VERITAS Backup Exec contains a remote registry access validation vulnerability.
VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.
An access validation vulnerability in Backup Exec for Windows allows remote attackers to access the Windows registry on the backup server with administrator privileges.
VERITAS Software has released information about this and five other security issues affecting VERITAS Backup Exec for Windows and Netware Servers. For more information about this specific vulnerability please see:
An unauthenticated remote attacker can gain administrator access to the registry and then use this to gain complete administrative control of the backup server.
Apply a patch from the vendor. See http://seer.support.veritas.com/docs/276605.htm for details.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Veritas SOFTWARE||Affected||-||24 Jun 2005|
CVSS Metrics (Learn More)
VERITAS Software in its advisory states:
"VERITAS Software appreciates the cooperation of Pedram Amini, iDEFENSE Labs in identifying this issue and coordinating with VERITAS Software in the resolution process."
This document was written by Robert Mead based on information in the VERITAS Software and iDefense advisories.
- CVE IDs: CAN-2005-0771
- Date Public: 22 Jun 2005
- Date First Published: 24 Jun 2005
- Date Last Updated: 17 Oct 2005
- Severity Metric: 9.21
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.