| VID |
23120 |
| Severity |
40 |
| Port |
6051 |
| Protocol |
TCP |
| Class |
UniversalAgent |
| Detailed Description |
The UniversalAgent service of BrightStor ARCserve/Enterprise Backup contains a backdoor account. UniversalAgent is an agent used by BrightStor ARCserve/Enterprise to perform backups. BrightStor ARCserve/Enterprise Backup r11.1 could allow a remote attacker to gain full access to the affected host, caused by a vulnerability with hard coded credentials being left in the UniversalAgent for Unix. A remote attacker with knowledge of the account and the password could gain full access to the file system on the target server. The attacker might also be able to execute arbitrary commands with root user privileges.
* References:
http://www.securitytracker.com/alerts/2005/Feb/1013144.html
http://www.idefense.com/application/poi/display?id=198&type=vulnerabilities&flashstatus=true
* Platforms Affected:
Computer Associates, Inc., BrightStor ARCserve Backup for Unix r11.1
Linux Any version
Unix Any version |
| Recommendation |
Apply the appropriate patch for your system, as listed in iDEFENSE Security Advisory 02.10.05 at http://www.idefense.com/application/poi/display?id=198&type=vulnerabilities&flashstatus=true |
| Related URL |
CVE-2005-0349 (CVE) |
| Related URL |
12522 (SecurityFocus) |
| Related URL |
19293 (ISS) |
|
