cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Zero-day exploit for Backup Exec Agent?

Sim_Alam
Level 3

‎08-11-2005 09:51 PM

Hi,

FrSIRT have released an advisory and exploit code regarding what they claim is an unpatched zero-day exploit for Backup Exec that affects version 9.0 through 10.0. See http://www.frsirt.com/english/advisories/2005/1387 for more details.

SANS is also covering this with a warning of considerably increased scanning on port 10000. See Handler's diary entry for 11th August http://isc.sans.org/diary.php.

Are FrSIRT correct in their assessment that this is an unpatched vulnerability?

Cheers,
Sim
0 Kudos
7 REPLIES 7

priya_khire
Level 6

‎08-12-2005 02:22 AM

Hello Sim,

The vulnerabilities discovered in Backup exec have all been patched with hotfixes specifically tested. Refer to the following technotes in order to know more about the vulnerabilities and the appropriate patches:


For information on the recent VERITAS Backup Exec security vulnerabilities, including links to the downloads for the necessary hotfixes, please refer to the following document:
Patch summary for Security Advisories VX05-001, VX05-002, VX05-003, VX05-005, VX05-006, VX05-007

http://seer.support.veritas.com/docs/277429.htm

Hope this answers your question. In case of further doubts, revert to the forum.

Note : If we do not receive your reply within two business days, this post would be marked ‘assumed answered’ and would be moved to ‘answered questions’ pool.

Regards.
0 Kudos

Sim_Alam
Level 3

‎08-12-2005 02:59 AM

Hi Priya,

Thanks for your response. Could you please confirm which security advisory is the one that covers this vulnerability, i.e. is it VX05-007 (http://support.veritas.com/docs/276608) ?

Cheers,
Sim
0 Kudos

Sim_Alam
Level 3

‎08-12-2005 04:17 AM

Also I think someone at Symantec Veritas needs to talk to Symantec Security because they think that there are no patches for this yet! See http://securityresponse.symantec.com/avcenter/security/Content/14551.html
0 Kudos

Sim_Alam
Level 3

‎08-12-2005 07:24 AM

I have received an email (see below) via FrSIRT from Symantec Security that confirms that this is a NEW vulnerability that is not covered by any existing security patches. I really think that Symantec Veritas needs to talk to Symantec Security urgently because this is getting messy and confusing for your clients.

"Sym Security a écrit :
Hello,

This is not fixed by the patch for VX05-007, it is a new issue that was
not reported to us prior to release. But we are working fixes currently
that will be available as soon as we can get them QA and tested.

Symantec Product Security Team
Symantec takes the security of our products seriously and is a responsible
disclosure company. You can view our response policies at
http://www.symantec.com/security.
We will work directly with anyone who believes they have found a security
issue in a Symantec product to validate the problem and coordinate any
response deemed necessary.

Please contact secure@symantec.com concerning security issues with
Symantec products.

-----------------------------------------------------------------------

"FrSIRT \(French Security Incident Response Team\)" wrote
08/12/2005
To
cc
Subject
Veritas Backup Exec Vulnerability

Hello,

Can you please confirm/infirm that this vulnerability has been fixed with
VX05-007 ?
http://www.frsirt.com/english/advisories/2005/1387
Exploit : http://www.frsirt.com/exploits/20050811.backupexec_dump.pm.php

Best regards,
FrSIRT / French Security Incident Response Team 24/7
http://www.frsirt.com
"
0 Kudos

Sim_Alam
Level 3

‎08-12-2005 08:18 AM

To continue this farcical thread further securityfocus.com (another Symantec company) have a bulletin on this issue http://securityfocus.com/bid/14551/info which is pretty explicit regarding the versions of Backup Exec affected.

Read http://downloads.securityfocus.com/vulnerabilities/exploits/backupexec_dump.pm for the full exploit in question.

What is going on?

From the securityfocus.com bulletin:
"Veritas Backup Exec Remote Agent for Windows Servers Arbitrary File Download Vulnerability

Bugtraq ID: 14551
Class: Access Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: No
Published: Aug 12 2005 12:00AM
Updated: Aug 12 2005 04:04AM
Credit: The discoverer of this vulnerability wishes to remain anonymous.
Vulnerable: Veritas Software Backup Exec 10.0 rev. 5520
Veritas Software Backup Exec 10.0 rev. 5484 SP1
Veritas Software Backup Exec 10.0 rev. 5484
Veritas Software Backup Exec 9.1 rev. 4691 SP2
Veritas Software Backup Exec 9.1 rev. 4691
Veritas Software Backup Exec 9.1
Veritas Software Backup Exec 9.0 rev. 4454 SP1
Veritas Software Backup Exec 9.0 rev. 4454
Veritas Software Backup Exec 9.0 rev. 4367 SP1
Veritas Software Backup Exec 9.0 rev. 4367
Veritas Software Backup Exec 9.0
Veritas Software Backup Exec 8.6
Veritas Software Backup Exec 8.5
Veritas Software Backup Exec 8.0"
0 Kudos

gene_levesque
Level 2

‎08-15-2005 09:03 AM

check this...I think this is related this problem...
http://seer.support.veritas.com/docs/278434.htm
0 Kudos

Sim_Alam
Level 3

‎08-15-2005 03:56 PM

Thanks Gene. I had already seen that. I actually left this thread open in the hope of another response from Veritas but no such luck.

Cheers,
Sim
0 Kudos