VERITAS Backup Exec CONNECT_CLIENT_AUTH buffer overflow

2005-12-22T00:00:00
ID SAINT:3302B755E322907B471AB7161A6A4178
Type saint
Reporter SAINT Corporation
Modified 2005-12-22T00:00:00

Description

Added: 12/22/2005
CVE: CVE-2005-0773
BID: 14022
OSVDB: 17624

Background

VERITAS Backup Exec is a network backup solution for Windows and Netware servers.

Problem

VERITAS Backup Exec is affected by a buffer overflow when handling **CONNECT_CLIENT_AUTH** requests with the Windows user authentication type. A very long password could overflow the buffer, leading to command execution.

Resolution

VERITAS Security Advisory VX05-002.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=272&type=vulnerabilities

Limitations

Exploit works on Backup Exec 9.1 on Windows platforms.

Platforms

Windows 2000
Windows XP / Windows Server 2003