OSVDB ID: 18695

Title: VERITAS Backup Exec Remote Agent Arbitrary File Download

Dates

Disclosure: Aug 12, 2005
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

Veritas Backup Exec for Windows Servers contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user sends a CONNECT_CLIENT_AUTH request with a hardcoded password value. If successful, the flaw will disclose arbitrary files that are accessible via the Windows system account, resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue for Backup Exec for Windows Servers version 8.6. For all affected versions, it is possible to correct the flaw by implementing the following workaround: block external access to the service (TCP port 10000) at the network perimeter.

For Backup Exec for Windows Servers 9.0, 9.1, and 10.0, Backup Exec for NetWare Servers 9.1, and NetBackup for NetWare Media Server Option 4.5, 4.5 FP, 5.0, and 5.1, Veritas has released a patch to address this vulnerability.

Products

Veritas

Backup Exec for Windows Servers

8.6
9.0
9.1
10.0

Backup Exec for NetWare Servers

9.1

NetBackup for NetWare Media Server Option

4.5
4.5 FP
5.0
5.1

Backup Exec Remote Agent for Windows Servers

Unknown or Unspecified

Backup Exec Remote Agent for Unix or Linux Servers

Unknown or Unspecified

Backup Exec Remote Agent for NetWare Servers

Unknown or Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218