Document ID: 276605
http://support.veritas.com/docs/276605

VERITAS Software Security Advisory VX05-003

Details:
VX05-003
June 22, 2005
VERITAS Backup Exec Server Remote Registry Access Vulnerability

Revision History
None


Risk Impact
High


Overview
Successful exploitation of a remote access validation vulnerability in VERITAS Backup Exec for Windows Servers could give a remote attacker "Administrator"-level access to the target system's registry.


Affected Products
Backup Exec 10.0 for Windows Servers rev. 5484
Backup Exec 9.1 for Windows Servers rev. 4691
Backup Exec 9.0 for Windows Servers rev. 4454
Backup Exec 9.0 for Windows Servers rev. 4367


Non-Affected Products
Backup Exec 10.0 for Windows Servers rev. 5520


Details
iDEFENSE, Inc. (http://www.idefense.com/application/poi/display?type=vulnerabilities) reported an access validation issue in VERITAS Backup Exec for Windows Servers. Successful remote exploitation of this issue can give an attacker "Administrator"-level access to the target system's registry, which could then be leveraged to gain further elevated privileges on the targeted system.


VERITAS Software's Response
VERITAS Engineering has verified and addressed the issue in the affected products. A hotfix has been developed for each of the affected versions to address the issue. Even though VERITAS Technical Services is unaware of any adverse customer impact from this issue, we strongly recommend that users of the affected products apply the appropriate hotfix or upgrade immediately to safeguard against threats of this nature.

VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers Hotfix 21

VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers Hotfix 31

VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Service Pack 4

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers Hotfix 24

or

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers - upgrade to Backup Exec 10.0 rev. 5520  http://support.veritas.com/docs/277181

Mitigation:
Filter inbound traffic to TCP port 6106 on Backup Exec media servers so that only trusted hosts and networks can reach it. Filtering limits who can reach the vulnerable service but does not remove the flaw: hosts on the trusted side can still exploit it until the hotfix or upgrade is applied.
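
As an added example (not part of the VERITAS advisory), this is how the filter above can be applied on the media server itself with the built-in Windows Firewall through netsh: the commented-out rule is the weak form (port 6106 open to every source), the rule that follows restricts the port to an assumed trusted backup-management subnet and one agent host. The addresses 10.1.0.0/255.255.0.0 and 10.1.5.7 and the rule name BackupExec-6106 are placeholders. The `netsh firewall` context assumes Windows XP SP2 or Windows Server 2003 SP1 or later; on Windows 2000 and NT 4.0 the same filter has to be applied with an IPSec policy or on a perimeter firewall.

```powershell
# Added example: scope TCP/6106 on a Backup Exec media server with Windows Firewall (netsh).
# Assumes Windows XP SP2 / Windows Server 2003 SP1 or later. Addresses and rule name are placeholders.

# Turn the firewall on so that inbound traffic without an exception is dropped.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

# Weak setting (do not use): exception for 6106 open to every source address.
# netsh firewall add portopening protocol=TCP port=6106 name=BackupExec-6106 mode=ENABLE scope=ALL

# Corrected setting: remove any existing 6106 exception, then re-add it limited to the
# assumed management subnet (10.1.0.0/16) and one assumed remote-agent host (10.1.5.7).
netsh firewall delete portopening protocol=TCP port=6106 profile=ALL
netsh firewall add portopening protocol=TCP port=6106 name=BackupExec-6106 mode=ENABLE scope=CUSTOM addresses=10.1.0.0/255.255.0.0,10.1.5.7 profile=ALL

# Verify the resulting policy: the 6106 entry should show scope CUSTOM with only the trusted addresses.
netsh firewall show state
netsh firewall show portopening
```

Windows Firewall admits a packet if any exception matches it, so also run `netsh firewall show allowedprogram` and make sure there is no program exception for the Backup Exec service executables with a wider scope, since such an entry would let traffic to 6106 through regardless of the port rule's address list.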

CVE
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-0771 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.


Credit
VERITAS Software appreciates the cooperation of Pedram Amini, iDEFENSE Labs in identifying this issue and coordinating with VERITAS Software in the resolution process.

Acknowledgements
iDEFENSE, Inc.

Products Applied:
 Backup Exec for Windows Servers 10.0, 10.0 5484, 9.0, 9.0 4367, 9.0 4454, 9.1, 9.1 4691

Last Updated: October 14 2005 02:20 PM GMT
Expires on: 365 days from publish date

Subjects:
 Backup Exec for Windows Servers
   Application: Backup, Documentation, Faq, Restore, Troubleshooting
   Publishing Status: Techalert

Languages:
 English (US), French, German, Spanish, Italian, Japanese, Chinese, Korean

Operating Systems:
Windows 2000: Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, SAK, Server, Server Windows Powered
Windows NT: 4.0 Server SP6a, 4.0 Workstation SP6a
Windows NT Small Business Server: 2000, 4.5
Windows XP: Home 5.1, Pro 5.1
Windows Server 2003: DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server
Windows Small Business Server 2003: Premium Edition, Standard Edition