VERITAS Software Security Advisory VX05-005
Details:
VX05-005
June 22, 2005
Buffer overflow vulnerability in VERITAS Software Backup Exec Web Administration Console (BEWAC)
Revision History
None
Risk Impact
High
Overview
The Backup Exec Web Administration Console (BEWAC) is an optional web utility that can be installed on a Backup Exec media server to allow remote management of that server. Exploitation of a buffer overflow vulnerability in the Web Administration Console may allow an attacker who can reach the console to execute arbitrary code on the media server.
Affected Products
Backup Exec 10.0 for Windows Servers rev. 5484
Backup Exec 9.1 for Windows Servers rev. 4691
Backup Exec 9.0 for Windows Servers rev. 4454
Backup Exec 9.0 for Windows Servers rev. 4367
Non-Affected Products
Backup Exec 10.0 for Windows Servers rev. 5520
Details
NGSSoftware (http://www.ngssoftware.com/advisory.htm) reported a buffer overflow vulnerability in the VERITAS Software Backup Exec Web Administration Console that can allow an attacker to execute arbitrary code. The vulnerability is caused by improper handling of specially crafted user-supplied credentials submitted to the console. Successful exploitation could give the attacker privileged access to the targeted system.
VERITAS Software's Response
VERITAS Engineering has verified the issue and addressed it in the affected products that use the Web Administration Console. A hotfix has been developed for each affected version. Although VERITAS Technical Services is unaware of any adverse customer impact from this issue, we strongly recommend that users of the affected products apply the appropriate upgrade and/or updates immediately to safeguard against threats of this nature.
NOTE: Customers running VERITAS Backup Exec 9.0 rev. 4367 or VERITAS Backup Exec 9.0 rev. 4454 MUST upgrade to VERITAS Backup Exec 9.1 rev. 4691 and then apply the security rollup to resolve this issue. This is a free upgrade for all users of VERITAS Backup Exec 9.0 rev. 4367 and rev. 4454.
If the upgrade cannot be performed within an acceptable period because of change control or other constraints, follow the instructions in the Mitigation section below to disable the Backup Exec Web Administration Console until the update can be applied.
VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Installation Media
VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Service Pack 4
VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers Hotfix 24, or
VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers - upgrade to Backup Exec 10.0 rev. 5520
Mitigation
A. Remove the Backup Exec Web Administration Console
1. Launch the Backup Exec Setup from Add/Remove Programs
2. Uninstall Backup Exec
3. Reinstall Backup Exec without the Web Administration Console (BEWAC)
B. Rename or delete Inc_debug.asp
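The following triage script is an added example and is not VERITAS code or part of this advisory. It encodes the advisory's affected/non-affected revision list and the remediation path given for each (including the NOTE that 9.0 rev. 4367 and 4454 must first move to 9.1 rev. 4691), and it applies interim mitigation B by renaming Inc_debug.asp on a host that cannot be upgraded yet. Two things are assumptions, not facts from the advisory: the location of the web console's files is supplied by the caller, because the advisory names only the file, and the renamed file receives a ".disabled" suffix. The product string handled by parse_version is a constructed inventory line.

```python
"""Triage helper for VX05-005 (added example; not VERITAS code).

Maps a Backup Exec version/revision to the remediation the advisory gives,
and implements interim mitigation B (rename Inc_debug.asp) for hosts that
cannot be upgraded yet.  Assumptions not stated in the advisory: the web
console's directory is supplied by the caller, and the renamed file gets a
".disabled" suffix.
"""
import re
from pathlib import Path

# Revision -> remediation, taken from the advisory's fix list and NOTE.
UPGRADE_9_0 = ("Upgrade (free) to Backup Exec 9.1 rev. 4691, then apply the "
               "security rollup")
AFFECTED = {
    ("9.0", 4367): UPGRADE_9_0,
    ("9.0", 4454): UPGRADE_9_0,
    ("9.1", 4691): "Apply Backup Exec 9.1 rev. 4691 Service Pack 4",
    ("10.0", 5484): "Apply Backup Exec 10.0 rev. 5484 Hotfix 24, or upgrade "
                    "to Backup Exec 10.0 rev. 5520",
}
NOT_AFFECTED = {("10.0", 5520)}

# Matches strings such as "Backup Exec 10.0 for Windows Servers rev. 5484".
_VERSION_RE = re.compile(r"Backup Exec\s+(\d+\.\d+)\b.*?rev\.?\s*(\d+)", re.I)


def parse_version(product_string):
    """Return (version, revision) from a Backup Exec product string, or None."""
    m = _VERSION_RE.search(product_string)
    if not m:
        return None
    return (m.group(1), int(m.group(2)))


def triage(version, revision, bewac_installed):
    """Classify a host against VX05-005.

    The vulnerable code is in the optional web console, so a media server
    without BEWAC is not exposed even at an affected revision; it should
    still be patched so a later BEWAC install does not reintroduce exposure.
    """
    key = (version, revision)
    if key in NOT_AFFECTED:
        return {"status": "not affected", "action": "none"}
    if key not in AFFECTED:
        return {"status": "not listed",
                "action": "revision not covered by VX05-005; confirm with vendor"}
    if not bewac_installed:
        return {"status": "not exposed",
                "action": "BEWAC not installed; " + AFFECTED[key]}
    return {"status": "vulnerable", "action": AFFECTED[key]}


def disable_inc_debug(console_dir):
    """Mitigation B: rename Inc_debug.asp so the web server no longer serves it.

    Returns the new path, or None if the file is not present (BEWAC absent,
    directory missing, or already mitigated).  Renaming rather than deleting
    keeps the file for restoration after the hotfix is applied.
    """
    console_dir = Path(console_dir)
    if not console_dir.is_dir():
        return None
    # Case-insensitive match: NTFS preserves case but does not enforce it.
    for entry in console_dir.iterdir():
        if entry.is_file() and entry.name.lower() == "inc_debug.asp":
            target = entry.with_name(entry.name + ".disabled")  # assumed suffix
            entry.rename(target)
            return target
    return None


if __name__ == "__main__":
    # Constructed inventory line, not taken from a real host.
    parsed = parse_version("Backup Exec 10.0 for Windows Servers rev. 5484")
    print(parsed, triage(*parsed, bewac_installed=True))
```

Run triage over your inventory first; only hosts that come back "vulnerable" and cannot take the hotfix or upgrade within change control should have disable_inc_debug applied, and the renamed file should be restored (or the console reinstalled) once the fix is in place.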
CVE
A CVE candidate number will be requested from the Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once the CVE candidate number has been assigned. This issue is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Credit
VERITAS Software appreciates the cooperation of the NGSSoftware research team in identifying this issue and coordinating with VERITAS Software in the resolution process.
Products Applied:
Backup Exec for Windows Servers 10.0, 10.0 5484, 9.0, 9.0 4367, 9.0 4454, 9.1, 9.1 4691
Operating Systems:
Windows 2000: Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, SAK, Server, Server Windows Powered
Windows NT: 4.0 Server SP6a, 4.0 Workstation SP6a
Windows NT Small Business Server: 2000, 4.5
Windows XP: Home 5.1, Pro 5.1
Windows Server 2003: DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server
Windows Small Business Server 2003: Premium Edition, Standard Edition