|
Feeds -
Exploits
|
|
Written by Renaud Deraison and Nicolas Pouvesle of Tenable Network Security
|
|
Tuesday, 31 March 2009 22:47 |
Symantec Backup Exec for Windows Server Remote Agent Authentication Bypass Vulnerability
-\\Bugtraq ID:
32347
-\\Class:
Access Validation Error
-\\CVE:
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Nov 19 2008 12:00AM
-\\Updated:
Mar 31 2009 05:16PM
-\\Credit:
Renaud Deraison and Nicolas Pouvesle of Tenable Network Security
-\\Vulnerable:
Symantec Backup Exec for Windows Servers 12.0
Symantec Backup Exec for Windows Servers 11d
Symantec Backup Exec for Windows Server 12.5
-\\Discussion
Symantec Backup Exec for Windows Server is prone to a vulnerability that allows an
attacker to bypass authentication and gain unauthorized access to the affected application.
Attackers with authorized network access can exploit this issue to bypass the logon
process using the remote agents. Successfully exploits may allow attackers to retrieve
or delete files on the targeted computer.
-\\Exploit(s)/PoC(s):
Currently we are not aware of any working exploits. If you feel we are in error or
if you are aware of more recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\Solution
The vendor has released an update. Please see the references for more information.
-\\References(s)
--Symantec Backup Exec Homepage
http://www.symantec.com/backupexec/index.js (Symantec )
--Symantec Security Advisory SYM08-021 - Backup Exec 11d, 12.0 and 12.5 for Window
http://seer.entsupport.symantec.com/docs/314528.ht (Symantec)
--HS09-001 JP1/VERITAS Backup Exec Authentication Bypass and Buffer Overflow Vulne
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-001/index.htm (Hitachi)
--Symantec Backup Exec Authentication Bypass and Potential Buffer Overflow
http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.htm (Symantec)
|
