Certain versions of Veritas Backup Exec 8.x and 9.x can be remotely exploited to allow execution of arbitrary code on affected servers.
A buffer overflow exists in Veritas Backup Exec 8.x (prior to 8.60.3878 Hotfix 68), and 9.x (pritor to 9.1.4691 Hotfix 40). A stack-based buffer can be overwritten when certain registration requests containing overly long hostnames are sent to vulnerable servers.
Exploits for this vulnerability have been made available via public web sites. Active exploitation of this vulnerability has been reported.
A remote intruder may be able to crash affected systems or execute arbitrary code with the privileges of the running service which may include domain-wide administrative rights.
Please see the vendor documents with patch information to resolve this issue:
Restrict network access to 6101/tcp on affected servers
iDefense has credited an anonymous contributor and Patrik Karlsson for discovering this vulnerability.
This document was written by Jeffrey S. Havrilla.
|Date First Published:||2005-01-14|
|Date Last Updated:||2006-05-01 19:50 UTC|