VERITAS Backup Exec contains a remote registry access validation vulnerability.
VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.
An access validation vulnerability in Backup Exec for Windows allows remote attackers to access the Windows registry on the backup server with administrator privileges.
An unauthenticated remote attacker can gain administrator access to the registry and then use this to gain complete administrative control of the backup server.
Apply a patch from the vendor. See http://seer.support.veritas.com/docs/276605.htm for details.
VERITAS Software in its advisory states:"VERITAS Software appreciates the cooperation of Pedram Amini, iDEFENSE Labs in identifying this issue and coordinating with VERITAS Software in the resolution process."
This document was written by Robert Mead based on information in the VERITAS Software and iDefense advisories.
|Date First Published:||2005-06-24|
|Date Last Updated:||2005-10-17 16:29 UTC|