| VID |
23135 |
| Severity |
40 |
| Port |
10000 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The Backup Exec Remote Agent is vulnerable to unauthorized remote access vulnerability. VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. The VERITAS Backup Exec Agent runs on systems to be backed up listening on TCP port 10000 and is responsible for accepting connections from the backup server when a backup is to occur. VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the Network Data Management Protocol (NDMP) agent to the server, which allows a remote attacker to read and write arbitrary files with the backup server.
* References:
http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html
http://securityresponse.symantec.com/avcenter/security/Content/14551.html
http://xforce.iss.net/xforce/alerts/id/204
http://www.kb.cert.org/vuls/id/378957
http://seer.support.veritas.com/docs/278434.htm
http://support.veritas.com/docs/255831
http://seer.support.veritas.com/docs/255174.htm
http://seer.support.veritas.com/docs/258334.htm
http://secunia.com/advisories/16403/
http://isc.sans.org/diary.php?date=2005-08-11
http://www.securitytracker.com/alerts/2005/Aug/1014662.html
* Platforms Affected:
VERITAS Backup Exec for Windows Servers 9.0 (all builds)
VERITAS Backup Exec for Windows Servers 9.1 (all builds)
VERITAS Backup Exec for Windows Servers 10.0 (all builds)
VERITAS Backup Exec Remote Agent for Windows Server
VERITAS Backup Exec Remote Agent for Unix/Linux Server
VERITAS Backup Exec for NetWare Servers 9.1 (all builds)
VERITAS Backup Exec Remote Agent for NetWare Server
VERITAS NetBackup for NetWare Media Server Option 4.5 (all builds)
VERITAS NetBackup for NetWare Media Server Option 4.5 FP (all builds)
VERITAS NetBackup for NetWare Media Server Option 5.0 (all builds)
VERITAS NetBackup for NetWare Media Server Option 5.1 (all builds)
Any operating system Any version |
| Recommendation |
Install the latest Security Update for your system, as listed in the Symantec advisory SYM05-011 at http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html |
| Related URL |
CVE-2005-2611 (CVE) |
| Related URL |
14551 (SecurityFocus) |
| Related URL |
21793 (ISS) |
|
