Veritas.Backup.Exec.Agent.Browser.Buffer.Overflow

Description

This indicates a possible exploit of a stack-based buffer-overflow vulnerability in the Veritas Backup Exec software.
Veritas Backup Exec is a backup and recovery software solution for Windows and Unix-based server systems. A reported vulnerability in it may allow an attacker to execute arbitrary code on the affected system. The browser service agent, which handles registration requests from the client, fails to bounds-check the host name in the request. An attacker can therefore send a specially crafted registration request containing a long host name and overflow the stack buffer. This may result in execution of arbitrary code on the affected system in the security context of the Backup Exec process, which is usually the administrative account.
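
The missing check described above, shown as an added example that is not Veritas code or part of the original advisory: a parser that validates the host name length before copying it into a fixed-size buffer. The record layout, the 64-byte buffer size and all names (`parse_registration`, `struct registration`, `HOST_MAX`) are assumptions, since the page does not give the wire format.

```c
#include <stddef.h>
#include <string.h>

#define HOST_MAX 64   /* assumed size of the fixed destination buffer */

/* Hypothetical record; the real wire format is not given on this page. */
struct registration { char host[HOST_MAX]; };

enum reg_status { REG_OK, REG_UNTERMINATED, REG_EMPTY, REG_TOO_LONG, REG_BAD_CHAR };

/* Accept only letters, digits, '-' and '.' in a host name. */
static int host_char_ok(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.';
}

/* Copy the NUL-terminated host name at the start of `field` (field_len bytes
 * received) into `out`. An oversized name is rejected, never truncated. */
enum reg_status parse_registration(const unsigned char *field, size_t field_len,
                                   struct registration *out)
{
    if (field == NULL || field_len == 0)
        return REG_UNTERMINATED;
    /* Search for the terminator only inside the bytes actually received. */
    const unsigned char *nul = memchr(field, '\0', field_len);
    if (nul == NULL)
        return REG_UNTERMINATED;

    size_t n = (size_t)(nul - field);
    if (n == 0)
        return REG_EMPTY;
    if (n >= sizeof out->host)      /* the check the description says is missing */
        return REG_TOO_LONG;
    for (size_t i = 0; i < n; i++)
        if (!host_char_ok(field[i]))
            return REG_BAD_CHAR;

    memcpy(out->host, field, n);
    out->host[n] = '\0';
    return REG_OK;
}

int main(void)
{
    static const unsigned char sample[] = "backup01.example"; /* constructed input */
    struct registration r;
    return parse_registration(sample, sizeof sample, &r) == REG_OK ? 0 : 1;
}
```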

Affected Products

Veritas Software Backup Exec 8.0
Veritas Software Backup Exec 8.5
Veritas Software Backup Exec 8.6
Veritas Software Backup Exec 9.0
Veritas Software Backup Exec 9.1

Impact

An attacker may be able to execute arbitrary code and gain administrative rights.

Recommended Actions

Apply the appropriate patch from the vendor, found at the following web site: http://seer.support.veritas.com/docs/273422.htm.

Coverage

IPS (Regular DB)
IPS (Extended DB)