Vulnerability Note VU#907729
Veritas Backup Exec registration request buffer overflow
Certain versions of Veritas Backup Exec 8.x and 9.x can be remotely exploited to allow execution of arbitrary code on affected servers.
A buffer overflow exists in Veritas Backup Exec 8.x (prior to 8.60.3878 Hotfix 68), and 9.x (pritor to 9.1.4691 Hotfix 40). A stack-based buffer can be overwritten when certain registration requests containing overly long hostnames are sent to vulnerable servers.
Exploits for this vulnerability have been made available via public web sites. Active exploitation of this vulnerability has been reported.
A remote intruder may be able to crash affected systems or execute arbitrary code with the privileges of the running service which may include domain-wide administrative rights.
Please see the vendor documents with patch information to resolve this issue:
Restrict network access to 6101/tcp on affected servers
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hitachi||Affected||-||16 Feb 2005|
|NEC Corporation||Affected||-||02 Feb 2005|
|Veritas SOFTWARE||Affected||-||14 Jan 2005|
CVSS Metrics (Learn More)
iDefense has credited an anonymous contributor and Patrik Karlsson for discovering this vulnerability.
This document was written by Jeffrey S. Havrilla.
- CVE IDs: CVE-2004-1172
- Date Public: 15 Dec 2004
- Date First Published: 14 Jan 2005
- Date Last Updated: 01 May 2006
- Severity Metric: 17.82
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.