Backup Exec Remote Agent for Windows Servers contains a buffer overflow vulnerability due to incorrect validation on authentication requests.
VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. The VERITAS Backup Exec Agent runs on systems to be backed up listening on TCP port 10000 and is responsible for accepting connections from the backup server when a backup is to occur.
The Backup Exec Remote Agent for Windows Servers contains a buffer overflow vulnerability due to incorrect validation on authentication requests, allowing a remote attacker to execute arbitrary code.
A remote attacker can execute arbitrary code on computers where the Remote Agent is installed and gain administrative control. As the Backup Exec Remote Agent may be running on workstations as well as servers, this vulnerability may provide greater opportunity for attack than the other vulnerabilities identified above.
Apply a patch from the vendor. See http://seer.support.veritas.com/docs/276604.htm for details.
VERITAS Software in its advisory states: "VERITAS Software appreciates the cooperation of Pedram Amini, iDEFENSE Labs in identifying this issue and coordinating with VERITAS Software in the resolution process."
This document was written by Robert Mead based on information in the VERITAS Software and iDefense advisories.
|Date First Published:||2005-06-24|
|Date Last Updated:||2005-07-22 15:55 UTC|