Intrusion Prevention

Veritas.Backup.Exec.Arbitrary.File.Download

Description

This vulnerability affects the VERITAS Backup Exec Remote Agent. An encrypted but static password transferred during the authentication process can be used to gain remote access. An attacker with knowledge of this password and access to the Remote Agent may be able to retrieve arbitrary files from a vulnerable system.

Affected Products

Veritas Software Backup Exec for Windows and Netware Servers 10.0 rev. 5520 and earlier versions. Veritas Software Backup Exec Remote Agent for Windows Server, for Unix/Linux Server and for NetWare Server. NetBackup for NetWare Media Servers 5.1 MP3 and earlier versions.

Impact

File access.

Recommended Actions

Apply appropriate patch from the vendor:
VERITAS Backup Exec for Windows Servers
http://support.veritas.com/docs/278434
VERITAS Backup Exec for NetWare Servers
http://support.veritas.com/docs/278431
VERITAS NetBackup for NetWare Media Server Option
http://support.veritas.com/docs/278430

CVE References

CVE-2005-2611