Vulnerability Note VU#907729

Veritas Backup Exec registration request buffer overflow

Original Release date: 14 Jan 2005 | Last revised: 01 May 2006


Certain versions of Veritas Backup Exec 8.x and 9.x can be remotely exploited to allow execution of arbitrary code on affected servers.


A buffer overflow exists in Veritas Backup Exec 8.x (prior to 8.60.3878 Hotfix 68), and 9.x (pritor to 9.1.4691 Hotfix 40). A stack-based buffer can be overwritten when certain registration requests containing overly long hostnames are sent to vulnerable servers.

Exploits for this vulnerability have been made available via public web sites. Active exploitation of this vulnerability has been reported.


A remote intruder may be able to crash affected systems or execute arbitrary code with the privileges of the running service which may include domain-wide administrative rights.


Please see the vendor documents with patch information to resolve this issue:

IV. Workarounds

Restrict network access to 6101/tcp on affected servers

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
HitachiAffected-16 Feb 2005
NEC CorporationAffected-02 Feb 2005
Veritas SOFTWAREAffected-14 Jan 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



iDefense has credited an anonymous contributor and Patrik Karlsson for discovering this vulnerability.

This document was written by Jeffrey S. Havrilla.

Other Information

  • CVE IDs: CVE-2004-1172
  • Date Public: 15 Dec 2004
  • Date First Published: 14 Jan 2005
  • Date Last Updated: 01 May 2006
  • Severity Metric: 17.82
  • Document Revision: 16


If you have feedback, comments, or additional information about this vulnerability, please send us email.