ID CVE-2005-0349Type cveReporter cve@mitre.orgModified 2011-03-08T02:19:00
Description
The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
{"id": "CVE-2005-0349", "bulletinFamily": "NVD", "title": "CVE-2005-0349", "description": "The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.", "published": "2005-05-02T04:00:00", "modified": "2011-03-08T02:19:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0349", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/13706", "http://www.idefense.com/application/poi/display?id=198&type=vulnerabilities", "http://secunia.com/advisories/14233", "http://securitytracker.com/id?1013144", "http://www.securityfocus.com/bid/12522", "http://www.vupen.com/english/advisories/2005/0145", "http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO63672&os=UNIX&returninput=0"], "cvelist": ["CVE-2005-0349"], "type": "cve", "lastseen": "2019-05-29T18:08:13", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "be69332d0634407613768df982247d83"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "235fd81ade99ad3d518b69e6f0eb898a"}, {"key": "cpe23", "hash": "6558d31d75f4b3f2af8e40f11962aed5"}, {"key": "cvelist", "hash": "6574bbf1918aa5fd2beacd2c6b512b14"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "a11071654cde664199dac48330e1f990"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "95c4c842226fed2765f02b3cf9cd2a65"}, {"key": "href", "hash": "a7edf6f68f50f9c963cc31cd6546fcd6"}, {"key": "modified", "hash": "fa7d41f6cd3c48ea8be916a2ddfa6cc0"}, {"key": "published", "hash": "c13cd72b1fb79a3190ca4c56e280fabc"}, {"key": "references", "hash": "efc5e848c84de6b368338a6f205446b2"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "33c0ef2458487318eebd6ff3bc70346e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1049e08aef8c6a201b999061f9c1421f95f1ee18794bdb4b96ddf07f5c012a68", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["ARCSERVE_DEFAULT_PASSWORD.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:13706"]}], "modified": "2019-05-29T18:08:13"}, "score": {"value": 8.5, "vector": "NONE", "modified": "2019-05-29T18:08:13"}, "vulnersScore": 8.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:ca:brightstor_arcserve_backup:11.1"], "affectedSoftware": [{"name": "ca brightstor_arcserve_backup", "operator": "eq", "version": "11.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "description": "## Vulnerability Description\nBrightStor ARCserve Backup UniversalAgent contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by a hard-coded, undocumented administrative account for the Common Agent. This flaw may lead to a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.\n## Short Description\nBrightStor ARCserve Backup UniversalAgent contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by a hard-coded, undocumented administrative account for the Common Agent. This flaw may lead to a loss of integrity.\n## Manual Testing Notes\nUsername: \\x02root\\x03\nPassword: \\x02<%j8U]`~+Ri\\x03\n## References:\nVendor URL: http://www.ca.com/\nSecurity Tracker: 1013144\n[Secunia Advisory ID:14233](https://secuniaresearch.flexerasoftware.com/advisories/14233/)\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=198&type=vulnerabilities\n[Nessus Plugin ID:16390](https://vulners.com/search?query=pluginID:16390)\nFrSIRT Advisory: ADV-2005-0145\n[CVE-2005-0349](https://vulners.com/cve/CVE-2005-0349)\nBugtraq ID: 12522\n", "modified": "2005-02-10T12:12:23", "published": "2005-02-10T12:12:23", "href": "https://vulners.com/osvdb/OSVDB:13706", "id": "OSVDB:13706", "title": "CA BrightStor ARCserve Backup Default Administrator Account", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:22", "bulletinFamily": "scanner", "description": "The remote host is running UniversalAgent, an agent used by BrightStor ARCserve to perform backups. \n\nThe remote version of this agent contains a default account with the username '\\x02root\\x03' and password '\\x02<%j8U]`~+Ri\\x03'. \n\nAn attacker may use this account to gain full access to the remote host.", "modified": "2018-06-27T00:00:00", "id": "ARCSERVE_DEFAULT_PASSWORD.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16390", "published": "2005-02-14T00:00:00", "title": "CA BrightStor ARCserve/Enterprise Backup Persistent Default Administrator Account", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# Vendor advisory says Linux version affected.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16390);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2005-0349\");\n script_bugtraq_id(12522);\n\n script_name(english:\"CA BrightStor ARCserve/Enterprise Backup Persistent Default Administrator Account\");\n script_summary(english:\"Determines if the ARCServer Default account is present\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"Arbitrary code can be executed on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running UniversalAgent, an agent used by BrightStor\nARCserve to perform backups. \n\nThe remote version of this agent contains a default account with the\nusername '\\x02root\\x03' and password '\\x02<%j8U]`~+Ri\\x03'. \n\nAn attacker may use this account to gain full access to the remote\nhost.\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gain a shell remotely\");\n\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(6051);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nport = 6051;\nif (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n\nsoc = open_sock_tcp(port);\nif (!soc) audit(AUDIT_SOCK_FAIL, port);\n\ndata = raw_string (\n\t0x00, 0x00, 0x00, 0x00, 0x03, 0x20, 0xA8, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBB, 0xEC, 0x6E, 0x58, 0xC9, 0xF0, 0xC2, 0x0A,\n\t0xC3, 0x2D, 0x15, 0x6F, 0xA7, 0x39, 0xEA, 0xA1, 0xC3, 0x2D, 0x15, 0x6F, 0xA7, 0x39, 0xEA, 0xA1,\n\t0xC3, 0x2D, 0x15, 0x6F, 0xA7, 0x39, 0xEA, 0xA1, 0xC3, 0x2D, 0x15, 0x6F, 0xA7, 0x39, 0xEA, 0xA1,\n\t0xC3, 0x2D, 0x15, 0x6F, 0xA7, 0x39, 0xEA, 0xA1, 0xD0, 0xC1, 0x9E, 0x8C, 0xE6, 0x5E, 0x18, 0xBD,\n\t0xED, 0xF8, 0xE0, 0xA7, 0x8A, 0xCD, 0x16, 0xB6, 0xC3, 0x2D, 0x15, 0x6F, 0xA7, 0x39, 0xEA, 0xA1,\n\t0x00, 0x00, 0x00, 0x0E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x00\n);\n\n\nsend (socket:soc, data:data);\n\nbuf = recv (socket:soc, length:8);\nif (!buf) audit(AUDIT_RESP_NOT, port);\n\nif (\"20000417005b0000\" >< hexstr(buf)) security_hole(port);\nelse exit(0, \"The service listening on port \"+port+\" is not affected.\");\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
