Intrusion Prevention



This vulnerability affects the VERITAS Backup Exec Remote Agent. An encrypted but static password transferred during the authentication process can be used to gain remote access. An attacker with knowledge of this password and access to the Remote Agent may be able to retrieve arbitrary files from a vulnerable system.

Affected Products

Veritas Software Backup Exec for Windows and Netware Servers 10.0 rev. 5520 and earlier versions. Veritas Software Backup Exec Remote Agent for Windows Server, for Unix/Linux Server and for NetWare Server. NetBackup for NetWare Media Servers 5.1 MP3 and earlier versions.


File access.

Recommended Actions

Apply appropriate patch from the vendor:
VERITAS Backup Exec for Windows Servers
VERITAS Backup Exec for NetWare Servers
VERITAS NetBackup for NetWare Media Server Option

CVE References