Info |
Last Modified: 10 months ago
|
|
Description |
A remote overflow exists in Veritas Backup Exec for Windows. The name server registration service (benetns.exe) fails to validate the client hostname field during the registration process, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause custom code to run in the process's current context, which is typically that of a domain administrator. This can result in a loss of integrity.
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
|
|
Solution |
Upgrade to version 8.60.3878 Hotfix 68 or version 9.1.4691 Hotfix 40 or higher, as the vendor reports that both fix this vulnerability. The flaw can also be mitigated with the following workaround: prevent untrusted clients from connecting to the affected service by blocking access to the Generic Remote File System (GRFS) port (usually 6101/TCP).
|
|
Products |
Backup Exec: 8.60.3878, 9.1.4691
|
|
Credit |
- Patrik Karlsson (cqure.net)
|
|