Document ID: 276604
http://support.veritas.com/docs/276604

VERITAS Software Security Advisory VX05-002

Details:
VX05-002
June 22, 2005
VERITAS Backup Exec Remote Agent for Windows Servers (RAWS) Buffer Overflow Vulnerability

Revision History
None


Risk Impact
High


Overview
Exploitation of a buffer overflow vulnerability in the VERITAS Backup Exec Remote Agent for Windows Servers (RAWS) may allow a remote attacker to gain privileged access and execute arbitrary code on the targeted system.


Affected Products
Backup Exec 10.0 for Windows Servers rev. 5520 - Remote Agent for NetWare Servers
Backup Exec 10.0 for Windows Servers rev. 5484 - Both Agents
Backup Exec 9.1 for Windows Servers rev. 4691 - Remote Agent for Windows Servers
Backup Exec 9.0 for Windows Servers rev. 4454 - Remote Agent for Windows Servers
Backup Exec 9.0 for Windows Servers rev. 4367 - Remote Agent for Windows Servers
Backup Exec 9.1.307 for NetWare Servers - Both Agents
Backup Exec 9.1.306 for NetWare Servers - Both Agents
Backup Exec 9.1.1154 for NetWare Servers - Both Agents
Backup Exec 9.1.1152.4 for NetWare Servers - Both Agents
Backup Exec 9.1.1152 for NetWare Servers - Both Agents
Backup Exec 9.1.1151.1 for NetWare Servers - Both Agents
Backup Exec 9.1.1127.1 for NetWare Servers - Both Agents
Backup Exec 9.1.1067.3 for NetWare Servers - Both Agents
Backup Exec 9.1.1067.2 for NetWare Servers - Both Agents
Backup Exec 9.0.4202 for NetWare Servers - Both Agents
Backup Exec 9.0.4174 for NetWare Servers - Both Agents
Backup Exec 9.0.4172 for NetWare Servers - Both Agents
Backup Exec 9.0.4170 for NetWare Servers - Both Agents
Backup Exec 9.0.4019 for NetWare Servers - Both Agents


Non-Affected Products
Backup Exec 10.0 for Windows Servers rev. 5520 - Remote Agent for Windows Servers
Backup Exec 9.1.1156 for NetWare Servers - Both Agents


Details
iDEFENSE, Inc. (http://www.idefense.com/application/poi/display?type=vulnerabilities) reported a buffer overflow vulnerability in the VERITAS Software Backup Exec Remote Agent that could allow a remote attacker to gain elevated privileges and execute arbitrary code on the targeted system.

The vulnerability exists because the Remote Agent does not properly validate unexpected input in some authentication requests.


VERITAS Software's Response
VERITAS Engineering has verified and addressed the issue in the affected products. A hotfix has been developed for each of the affected versions to address the issue. Even though VERITAS Technical Services is unaware of any adverse customer impact from this issue, we strongly recommend users of the affected products apply the appropriate updates immediately to safeguard against threats of this nature.

Note: After the applicable update from the list below has been downloaded and installed, the Remote Agent for Windows Servers (RAWS) must be reinstalled on each remote machine; updating the media server alone does not update the agents already deployed:

VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers Hotfix 21

VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers Hotfix 31

VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Service Pack 4

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers Hotfix 24

or

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers - upgrade to Backup Exec 10.0 rev. 5520
(Remote Agent for Windows Servers fix only)

VERITAS Backup Exec 10.0 rev. 5484 and rev. 5520 for Windows Servers
(Remote Agent for NetWare Servers fix only)

VERITAS Backup Exec 9.0.4202 for NetWare Servers Hotfix 1

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
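As an added worked example that is not part of the advisory or of VERITAS's own tooling, the following Python script triages a host inventory against the Affected Products list and the fix list above. The inventory format, the host names, the `raws`/`ranw` agent labels and the assumption that NetWare builds later than 9.1.1156 keep the fix are all constructed for the example; the rules themselves only transcribe what the advisory states. The point worth noticing is that NetWare build numbers must be compared numerically: as plain strings "9.1.307" sorts above "9.1.1156", which would wrongly report an affected 9.1.307 agent as fixed.

```python
"""Triage a host inventory against VERITAS advisory VX05-002 (CAN-2005-0773).

Added example for this page; it is not VERITAS code. The inventory lines are
constructed, and the rules below transcribe only the Affected / Non-Affected
Products lists and the fix list given in the advisory.
"""
from typing import List, Optional, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """'9.1.1152.4' -> (9, 1, 1152, 4).

    Compare as numeric tuples: as plain strings '9.1.307' sorts above
    '9.1.1156', which would wrongly mark an affected 9.1.307 build as fixed.
    """
    return tuple(int(part) for part in text.strip().split("."))


# Backup Exec for Windows Servers: fix per media-server revision and agent.
# Agent keys (labels assumed for this example):
#   'raws' = Remote Agent for Windows Servers
#   'ranw' = Remote Agent for NetWare Servers
WINDOWS_FIXES = {
    (4367, "raws"): "9.0 rev. 4367 Hotfix 21",
    (4454, "raws"): "9.0 rev. 4454 Hotfix 31",
    (4691, "raws"): "9.1 rev. 4691 Service Pack 4",
    (5484, "raws"): "10.0 rev. 5484 Hotfix 24, or upgrade to rev. 5520",
    (5484, "ranw"): "10.0 rev. 5484/5520 Remote Agent for NetWare Servers fix",
    (5520, "ranw"): "10.0 rev. 5484/5520 Remote Agent for NetWare Servers fix",
}


def windows_action(rev: int, agent: str) -> Optional[str]:
    """Required fix for a Windows media-server revision and agent, or None
    when the advisory does not list that pair as affected (e.g. rev. 5520
    with the Remote Agent for Windows Servers)."""
    return WINDOWS_FIXES.get((rev, agent))


def netware_action(version: str) -> Optional[str]:
    """Required fix for a Backup Exec for NetWare Servers build, or None.

    Every listed 9.1.x build below 9.1.1156 is affected, so this is a numeric
    comparison rather than a lookup; the 9.0 builds are enumerated.
    """
    v = parse_version(version)
    if v[:2] == (9, 1):
        # 9.1.1156 is the non-affected build; later builds are assumed to keep the fix.
        return None if v >= (9, 1, 1156) else "upgrade to 9.1.1156"
    if v[:2] == (9, 0):
        if v[:3] == (9, 0, 4202):
            return "9.0.4202 Hotfix 1"
        if v[2] in (4019, 4170, 4172, 4174):
            return "affected; the advisory provides Hotfix 1 for 9.0.4202 only"
    return None  # not listed in the advisory


def triage(inventory: List[str]) -> List[Tuple[str, str]]:
    """inventory lines: 'host,product,version[,agent]' (constructed format).
    product is 'windows' or 'netware'. Returns (host, action) for affected hosts."""
    findings = []
    for line in inventory:
        fields = [f.strip() for f in line.split(",")]
        host, product, version = fields[:3]
        if product == "windows":
            rev = parse_version(version)[-1]  # '10.0.5484' -> 5484
            action = windows_action(rev, fields[3])
        else:
            action = netware_action(version)
        if action:
            findings.append((host, action))
    return findings


INVENTORY = [  # constructed sample
    "media01, windows, 10.0.5484, raws",
    "media02, windows, 10.0.5520, raws",
    "media02, windows, 10.0.5520, ranw",
    "media03, windows, 9.1.4691, raws",
    "nw01, netware, 9.1.307",
    "nw02, netware, 9.1.1156",
    "nw03, netware, 9.0.4202",
]

if __name__ == "__main__":
    for host, action in triage(INVENTORY):
        print(f"{host}: {action}")
```

Run against a real inventory, the output is the list of hosts still needing one of the updates above; a media server at rev. 5520 shows up only for its Remote Agent for NetWare Servers, matching the advisory's split of that revision between the affected and non-affected lists.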


Mitigation:
Until the appropriate update can be applied, restrict network access to hosts running VERITAS Backup Exec agents so that only trusted hosts, such as the Backup Exec media servers that manage them, can reach the agent listener.
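One way to verify that the restriction above is actually in effect, as an added example that is not part of the advisory: take an export of observed connections (from a firewall log or a periodic netstat on the agent hosts) and report every connection to the agent port from a source outside the trusted media-server list. The record format and the addresses are constructed for the example, and the port is an assumption: 10000/tcp is the Remote Agent's default listener, so confirm the port your agents actually use before relying on the check.

```python
"""Verify that only trusted hosts reach the Backup Exec agent listener.

Added example for this page; it is not VERITAS code. The connection records
are constructed, and both the record format and the port are assumptions:
10000/tcp is the Remote Agent's default listener, so confirm the port your
agents actually use before relying on this check.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

AGENT_PORT = 10000  # assumed default Remote Agent listener; confirm locally

# Hosts permitted to reach the agents: the Backup Exec media servers (constructed).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.5/32", "10.20.0.6/32")]

# Constructed record shape: "<proto> <src>:<sport> -> <dst>:<dport>"
RECORD_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def is_trusted(src: str) -> bool:
    """True when src falls inside one of the trusted media-server networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)


def untrusted_agent_connections(records: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (src, dst) pairs where an untrusted source reached the agent port.

    Records that do not parse, are not TCP, or target another port are skipped,
    so the output is exactly what the mitigation says must not happen.
    """
    hits = []
    for line in records:
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        proto, src, _sport, dst, dport = m.groups()
        if proto != "tcp" or int(dport) != AGENT_PORT:
            continue
        if not is_trusted(src):
            hits.append((src, dst))
    return hits


SAMPLE_RECORDS = [  # constructed
    "tcp 10.20.0.5:49152 -> 10.20.1.10:10000",   # media server: allowed
    "tcp 10.20.0.6:49153 -> 10.20.1.11:10000",   # media server: allowed
    "tcp 10.30.7.42:3456 -> 10.20.1.10:10000",   # unknown host: flag
    "tcp 192.168.1.9:5555 -> 10.20.1.12:10000",  # unknown host: flag
    "tcp 10.30.7.42:3457 -> 10.20.1.10:445",     # other service: ignore
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for src, dst in untrusted_agent_connections(SAMPLE_RECORDS):
        print(f"untrusted {src} reached agent port {AGENT_PORT} on {dst}")
```

Any hit means the network restriction has a gap; the same trusted-network list can be used to generate the perimeter or host firewall rules that enforce it, and the script then serves as the check that those rules were applied everywhere an agent is installed.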



CVE
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-0773 to this issue.
This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.


Credit
VERITAS Software appreciates the cooperation of the iDEFENSE research team in reporting this issue and coordinating with VERITAS Software in the resolution process.

Acknowledgements
iDEFENSE, Inc.

Products Applied:
 Backup Exec for NetWare 9.0, 9.1
 Backup Exec for Windows Servers 10.0, 10.0 5484, 9.0, 9.0 4367, 9.0 4454, 9.1, 9.1 4691

Last Updated: October 17 2005 05:54 PM GMT
Expires on: 365 days from publish date

Subjects:
 Backup Exec for NetWare
   Application: Agent Support, Backup, Restore, Security
   Publishing Status: Techalert
Backup Exec for Windows Servers
   Application: Backup, Documentation, Faq, Restore, Troubleshooting
   Publishing Status: Techalert

Languages:
 English (US), French, German, Spanish, Italian, Japanese, Chinese, Korean

Operating Systems:
 NetWare: 4.2, 5.0, 5.1, 6.0, 6.5
 Windows 2000: Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, SAK, Server, Server Windows Powered
 Windows NT: 4.0 Server SP6a, 4.0 Workstation SP6a
 Windows NT Small Business Server: 2000, 4.5
 Windows XP: Home 5.1, Pro 5.1
 Windows Server 2003: DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server
 Windows Small Business Server 2003: Premium Edition, Standard Edition