OSVDB ID: 17624

Title: VERITAS Backup Exec Remote Agent for Windows CONNECT_CLIENT_AUTH Remote Overflow

Info

Disclosure
Jun 22, 2005

Discovery
Unknown

Dates

Exploit
Jun 22, 2005

Solution
Jun 22, 2005

Description

 A remote overflow exists in Backup Exec Remote Agent for Windows. The issue occurs when a client authentication request is received with type '3' and a long password argument. Reliable execution is obtained by abusing the stack overflow to smash a SEH pointer resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

 Upgrade to the correct version supplied by the vendow, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Veritas

Backup Exec Remote Agent for Windows

 9.0
9.1
10.0
4.2 for NT

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/17624