Vulnerability Note VU#907729

Veritas Backup Exec registration request buffer overflow

Original Release date: 14 Jan 2005 | Last revised: 01 May 2006

Overview

Certain versions of Veritas Backup Exec 8.x and 9.x can be remotely exploited to allow execution of arbitrary code on affected servers.

Description

A buffer overflow exists in Veritas Backup Exec 8.x (prior to 8.60.3878 Hotfix 68) and 9.x (prior to 9.1.4691 Hotfix 40). A stack-based buffer can be overwritten when certain registration requests containing overly long hostnames are sent to vulnerable servers.

Exploits for this vulnerability have been made available via public web sites. Active exploitation of this vulnerability has been reported.
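The following triage helper is an added example, not part of the original note or of any Veritas tooling. It classifies inventoried Backup Exec installations against the two fixed levels named above. The inventory format (a "major.minor.build" string plus an integer hotfix number), the sample hosts, and the assumption that hotfix numbers on a build are cumulative are all assumptions of this example.

```python
import re

# Fixed levels taken from the Description: (major, minor, build, hotfix).
FIXED = {8: (8, 60, 3878, 68), 9: (9, 1, 4691, 40)}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version, hotfix=0):
    """Return 'vulnerable', 'fixed', 'not-covered' or 'unparseable'.

    version: 'major.minor.build' string (assumed inventory format).
    hotfix:  highest hotfix number installed on that build, 0 if none.
    """
    m = _VERSION_RE.match(str(version or ""))
    if not m or not isinstance(hotfix, int) or hotfix < 0:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    fixed = FIXED.get(major)
    if fixed is None:
        return "not-covered"  # the note only speaks about 8.x and 9.x
    # Tuple comparison: an older build is vulnerable whatever its hotfix
    # number; on the named build the hotfix level decides.
    return "vulnerable" if (major, minor, build, hotfix) < fixed else "fixed"


def triage(inventory):
    """Map each host to its classification; inventory rows are dicts."""
    return {row["host"]: classify(row.get("version"), row.get("hotfix", 0))
            for row in inventory}


# Constructed sample inventory (hostnames and values are made up).
SAMPLE = [
    {"host": "bkp-01", "version": "9.1.4691", "hotfix": 12},
    {"host": "bkp-02", "version": "9.1.4691", "hotfix": 40},
    {"host": "bkp-03", "version": "8.60.3878", "hotfix": 67},
    {"host": "bkp-04", "version": "9.0.4454", "hotfix": 99},
    {"host": "bkp-05", "version": "10.0.5484"},
    {"host": "bkp-06", "version": "9.1-unknown"},
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "unparseable" need manual review and should be treated as vulnerable until their version is confirmed.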

Impact

A remote intruder may be able to crash affected systems or execute arbitrary code with the privileges of the running service, which may include domain-wide administrative rights.

Solution

Please see the vendor documents with patch information to resolve this issue:

http://seer.support.veritas.com/docs/273419.htm
http://seer.support.veritas.com/docs/273420.htm
http://seer.support.veritas.com/docs/273422.htm
http://seer.support.veritas.com/docs/273850.htm

Workarounds

Restrict network access to 6101/tcp on affected servers.

Systems Affected

Vendor              Status     Date Notified   Date Updated
Hitachi             Affected   -               16 Feb 2005
NEC Corporation     Affected   -               02 Feb 2005
Veritas SOFTWARE    Affected   -               14 Jan 2005

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

iDefense has credited an anonymous contributor and Patrik Karlsson for discovering this vulnerability.

This document was written by Jeffrey S. Havrilla.

Other Information

  • CVE IDs: CVE-2004-1172
  • Date Public: 15 Dec 2004
  • Date First Published: 14 Jan 2005
  • Date Last Updated: 01 May 2006
  • Severity Metric: 17.82
  • Document Revision: 16
