VERITAS Backup Exec Server Unauthenticated Remote Registry Access

2005-06-22T06:24:48
ID OSVDB:17627
Type osvdb
Reporter Pedram Amini(labs@idefense.com)
Modified 2005-06-22T06:24:48

Description

Vulnerability Description

VERITAS Backup Exec Server (beserver.exe) contains a flaw that may allow a remote attacker to modify the Windows registry with administrative-level permissions. The issue is due to RPC calls not properly authenticating callers of methods on TCP port 6106. This may allow an attacker to modify the registry of a host, leading to a complete compromise.

Solution Description

The vendor has made a hotfix available for each affected version.

VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers: Hotfix 21
VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers: Hotfix 31
VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers: Service Pack 4
VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers: Hotfix 24, or upgrade to Backup Exec 10.0 rev. 5520

If a hotfix cannot be applied, place access controls on traffic destined for TCP port 6106.

References:

Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1014273
Secunia Advisory ID: 15789
Other Advisory URL: http://www.idefense.com/application/poi/display?id=269&type=vulnerabilities
Nessus Plugin ID: 19397
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0076.html
Keyword: VX05-003
Generic Informational URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=164903957
CVE-2005-0771
Bugtraq ID: 14020