|
VERITAS Backup Exec Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA15789
|
|
|
Release Date:
|
2005-06-23
|
|
Last Update:
|
2005-10-10
|
|
Popularity:
|
12,694 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Privilege escalation
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | VERITAS Backup Exec 10.x
VERITAS Backup Exec 9.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Multiple vulnerabilities have been reported in VERITAS Backup Exec for Windows and NetWare, which can be exploited by malicious users to gain escalated privileges, or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) A NULL pointer dereference errors in Remote Agent when handling request packets can be exploited to crash the application via a request packet containing an invalid "Error Status" value.
2) A NULL pointer dereference errors in Remote Agent when handling request packets can be exploited to crash the application via a specially crafted request packet.
3) A boundary error in Remote Agent when processing authentication requests can be exploited to cause a stack-based buffer overflow via a CONNECT_CLIENT_AUTH request containing an overly long string as password in the Windows user credentials.
Successful exploitation allows execution of arbitrary code.
4) An access control error in an RPC endpoint can be exploited to gain "Administrator" privileges over a vulnerable system's registry by connecting to the endpoint.
The vulnerability only affects the Windows version.
5) An unspecified boundary error in the Web Administration Console when processing user credentials can be exploited to cause a buffer overflow.
Successful exploitation allows execution of arbitrary code, but only affects the Windows version.
6) An unspecified boundary error in the Admin Plus Pack Option can be exploited to cause a heap-based buffer overflow.
Successful exploitation allows execution of arbitrary code, but only affects the Windows version.
7) An error can be exploited by unprivileged users to gain SYSTEM privileges by copying the handle used by the Backup Exec Remote Agent.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
