Buffer overflow : VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802985

Categoría: Buffer overflow

Título: VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability

Resumen: VERITAS Backup Exec Remote Agent for Windows Servers is prone to a buffer overflow vulnerability.

Descripción: Summary:
VERITAS Backup Exec Remote Agent for Windows Servers is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw is due to insufficient input validation on CONNECT_CLIENT_AUTH
requests. CONNECT_CLIENT_AUTH requests sent with an authentication method type
'3' indicating Windows user credentials, and an overly long password argument
can overflow the buffer and lead to arbitrary code execution.

Vulnerability Impact:
Successful exploitation will allow attackers to overflow a buffer and
execute arbitrary code on the system.

Affected Software/OS:
Veritas Backup Exec Remote Agent versions 9.0 through 10.0 for Windows Servers

Solution:
Upgrade to Veritas Backup Exec Remote Agent 10.0 rev. 5520 for Windows Servers

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0773
AUSCERT Advisory: AL-2005.013
BugTraq ID: 14022
http://www.securityfocus.com/bid/14022
Cert/CC Advisory: TA05-180A
http://www.us-cert.gov/cas/techalerts/TA05-180A.html
CERT/CC vulnerability note: VU#492105
http://www.kb.cert.org/vuls/id/492105
http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities&flashstatus=true
http://www.osvdb.org/17624
http://securitytracker.com/id?1014273
http://secunia.com/advisories/15789

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802985
Categoría:	Buffer overflow
Título:	VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability
Resumen:	VERITAS Backup Exec Remote Agent for Windows Servers is prone to a buffer overflow vulnerability.
Descripción:	Summary: VERITAS Backup Exec Remote Agent for Windows Servers is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to insufficient input validation on CONNECT_CLIENT_AUTH requests. CONNECT_CLIENT_AUTH requests sent with an authentication method type '3' indicating Windows user credentials, and an overly long password argument can overflow the buffer and lead to arbitrary code execution. Vulnerability Impact: Successful exploitation will allow attackers to overflow a buffer and execute arbitrary code on the system. Affected Software/OS: Veritas Backup Exec Remote Agent versions 9.0 through 10.0 for Windows Servers Solution: Upgrade to Veritas Backup Exec Remote Agent 10.0 rev. 5520 for Windows Servers CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0773 AUSCERT Advisory: AL-2005.013 BugTraq ID: 14022 http://www.securityfocus.com/bid/14022 Cert/CC Advisory: TA05-180A http://www.us-cert.gov/cas/techalerts/TA05-180A.html CERT/CC vulnerability note: VU#492105 http://www.kb.cert.org/vuls/id/492105 http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities&flashstatus=true http://www.osvdb.org/17624 http://securitytracker.com/id?1014273 http://secunia.com/advisories/15789
Copyright	Copyright (C) 2012 Greenbone AG