OSVDB ID: 17627

Title: VERITAS Backup Exec Server Unauthenticated Remote Registry Access

Info

Disclosure

Jun 22, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

VERITAS Backup Exec Server (beserver.exe) contains a flaw that may allow a remote attacker to modify the Windows registry with administrative-level permissions. The issue is due to the RPC interface listening on TCP port 6106 not properly authenticating callers of its methods. This may allow an unauthenticated attacker to modify the registry of the host, leading to a complete compromise.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

The vendor has made a hotfix available for each affected version:

VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers: Hotfix 21
VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers: Hotfix 31
VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers: Service Pack 4
VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers: Hotfix 24, or upgrade to Backup Exec 10.0 rev. 5520

If a hotfix cannot be applied, place access controls on traffic destined to TCP port 6106 so that only trusted management and media-server networks can reach the beserver.exe RPC interface.
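The workaround above is only as good as its enforcement. The following script is an added example (not OSVDB, iDEFENSE or VERITAS code) that a practitioner can run from a network segment that should not be able to reach the backup server, such as a workstation VLAN, to confirm that TCP port 6106 is actually blocked. It classifies each host as "open" (the RPC service answers, mitigation not in place), "closed" (host reachable, nothing listening) or "filtered" (no answer, which is what a correctly applied ACL produces). The port number comes from the advisory; the host list on the command line is whatever you supply, and the localhost listener in self_check() is a constructed stand-in for beserver.exe so the script can be exercised offline.

```python
"""Verify the OSVDB 17627 workaround: confirm TCP/6106 (beserver.exe RPC)
is not reachable from an untrusted vantage point.

Added example, not code from the advisory or the vendor.
"""
import socket
import sys
import threading

BESERVER_PORT = 6106  # TCP port named in the advisory for beserver.exe RPC


def probe(host: str, port: int = BESERVER_PORT, timeout: float = 3.0) -> str:
    """Classify TCP reachability of host:port from this machine.

    'open'     -> a listener completed the handshake; the RPC service is
                  exposed to this network and the mitigation is NOT in place.
    'closed'   -> host answered with RST; reachable but nothing listening.
    'filtered' -> timeout or unreachable; a firewall/ACL is dropping the
                  traffic, which is the expected result of the workaround.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, no route, host unreachable, etc.
        return "filtered"


def audit(hosts, port: int = BESERVER_PORT) -> dict:
    """Probe every host and return {host: state}."""
    return {h: probe(h, port) for h in hosts}


def exposed(results: dict) -> list:
    """Hosts whose beserver port is open from here, i.e. still exposed."""
    return sorted(h for h, state in results.items() if state == "open")


def self_check() -> tuple:
    """Offline demonstration using constructed local sockets.

    A throwaway localhost listener on an ephemeral port stands in for
    beserver.exe; a second ephemeral port that is bound and immediately
    released stands in for a host with nothing listening.
    Returns (state_of_listener_port, state_of_released_port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    # Accept one connection in the background so probe()'s connect completes.
    threading.Thread(target=lambda: srv.accept()[0].close(), daemon=True).start()

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # released without ever listening, so connects get RST

    result = (probe("127.0.0.1", open_port), probe("127.0.0.1", closed_port))
    srv.close()
    return result


if __name__ == "__main__":
    # Usage: python check_6106.py backup-server-1 backup-server-2 ...
    # With no arguments, run the offline self-check.
    if len(sys.argv) < 2:
        print("self-check (listener, released port):", self_check())
    else:
        results = audit(sys.argv[1:])
        for host, state in results.items():
            print(f"{host}:{BESERVER_PORT} {state}")
        still_exposed = exposed(results)
        if still_exposed:
            print("MITIGATION NOT EFFECTIVE for:", ", ".join(still_exposed))
            sys.exit(1)
        print("port 6106 not reachable from this vantage point")
```

Run it from each network that should be denied access; an "open" result anywhere outside the trusted management segment means the ACL is missing or misplaced, and a "closed" result means traffic is reaching the host and only the service being down is protecting it. A filtering check like this is a complement to patching, not a substitute: the hotfixes listed above remain the actual fix.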

Products

Veritas

Backup Exec for Windows Servers

10.0 revision 5458
9.1 revision 4691
9.0 revision 4454
9.0 revision 4367

References

Credit

  • Pedram Amini - iDEFENSE Labs


Direct URL: http://osvdb.org/36218