VERITAS Software Security Advisory VX05-002

Lois_Pyne · ‎08-18-2005

I'm want to install this new patch but I need to install SP 2 first, I believe. I'm having the worst time trying to figure out if SP 1 and 2 are installed. Can someone please help me? I found the information on how to check the BEDIAG file, but I still am not sure if the SPs are installed. Thanks!

Justin_Guidroz · ‎08-18-2005

I can concur that today when I did a Nessus scan of my media server, running 9.1 with SP3. It is now vulnerable again to the Backup Exec Server Remote Registry Access Vulnerability.

To prove my Nessus scan, I tried Metasploit against that vulnerability, and it exploited my media server successfully. After running the exploit, beserver.exe begins using 50% of the CPU and remains like that until I restart the machine or the service.

Deepali_Badave · ‎08-19-2005

Hello,

Following are the two ways to verify that the Service Pack 1 has been applied to Backup Exec 9.1 for Windows Servers.
Method I
1. Click on Tools | VERITAS Update
Click on List Updates
3. Under Installed Updates, Backup Exec 9.1 Revision 4691 SP1 will be listed.

Method II
Check the actual file versions in a BEDIAG.
The file versions can be found in the "Backup Exec file versions on \\server" section under the FileVer column

Note: For information on how to generate a BEDIAG, please see the Related Documents section of this TechNote.
The following is a list of updated files that can be found in a BEDIAG of the Backup Exec 9.1 for Windows Servers server and their file versions.
Name of file File version
beengine.exe 9.1.4691.14
beremote.exe 9.1.4691.14
drprepwizard.exe 9.1.4691.14
pvlsvr.exe 9.1.4691.15
becatsrv.dll 9.1.4691.17
beclass.dll 9.1.4691.8
bedsnt5.dll 9.1.4691.14
bedsshadow.dll 9.1.4691.14

NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.

VOX

VERITAS Software Security Advisory VX05-002