Written by Renaud Deraison and Nicolas Pouvesle of Tenable Network Security
Tuesday, 31 March 2009 22:47
Symantec Backup Exec for Windows Server Remote Agent Authentication Bypass Vulnerability
Access Validation Error
Nov 19 2008 12:00AM
Mar 31 2009 05:16PM
Renaud Deraison and Nicolas Pouvesle of Tenable Network Security
Symantec Backup Exec for Windows Servers 12.0
Symantec Backup Exec for Windows Servers 11d
Symantec Backup Exec for Windows Server 12.5
Symantec Backup Exec for Windows Server is prone to a vulnerability that allows an
attacker to bypass authentication and gain unauthorized access to the affected application.
Attackers with authorized network access can exploit this issue to bypass the logon
process using the remote agents. Successful exploits may allow attackers to retrieve
or delete files on the targeted computer.
Currently we are not aware of any working exploits.
The vendor has released an update. Please see the references for more information.
--Symantec Backup Exec Homepage
http://www.symantec.com/backupexec/index.js (Symantec)
--Symantec Security Advisory SYM08-021 - Backup Exec 11d, 12.0 and 12.5 for Window
--HS09-001 JP1/VERITAS Backup Exec Authentication Bypass and Buffer Overflow Vulne
--Symantec Backup Exec Authentication Bypass and Potential Buffer Overflow