VERITAS Backup Exec Server (beserver.exe) contains a flaw that may allow a remote attacker to modify the Windows registry with administrative-level permissions. The issue is due to RPC calls not properly authenticating callers of methods on TCP port 6106. This may allow an attacker to modify the registry of a host, leading to a complete compromise.
The vendor has made a hotfix available for each affected version.
VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers: Hotfix 21
VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers: Hotfix 31
VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers: Service Pack 4
VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers: Hotfix 24 or upgrade to Backup Exec 10.0 rev. 5520
If a hotfix cannot be applied, place access controls on traffic destined for TCP port 6106.