A heap-based buffer overflow in VERITAS Backup Exec Admin Plus Pack Option may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.
VERITAS Backup Exec Server products have a heap overflow vulnerability that may be exploited by an unauthenticated remote attacker who can connect to the TCP port on which the Backup Exec server service is listening.
An unauthenticated remote attacker can execute arbitrary code on the backup server and gain administrative control of the computer.
Apply a patch from the vendor, see http://seer.support.veritas.com/docs/276607.htm for details.
In their security bulletin VERITAS Software thanks the NGSSoftware research team for identifying this issue and coordinating with VERITAS Software in the resolution process.
|Date First Published:||2005-06-24|
|Date Last Updated:||2005-07-22 15:55 UTC|