Detections
Analytics
Veritas Backup Exec Agent Browser 8.x < 8.60.3878 HF 68 / 9.0.x < 9.0.4454 HF 30 / 9.1.x < 9.1.4691 HF 40 RCE
critical Nessus Plugin ID 16230
Synopsis
The remote host is affected by a remote code execution vulnerability.Description
The version of Veritas Backup Exec Agent Browser installed on the remote host is 8.x prior to 8.60.3878 hotfix 68, 9.0.x prior to 9.0.4454 hotfix 30, or 9.1.x prior to 9.1.4691 hotfix 40. It is, therefore, affected by a remote code execution vulnerability in the registration service (benetns.exe) due to a failure to validate the client hostname field during the registration process. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code.Solution
Upgrade to Veritas Backup Exec Agent Browser 8.60.3878 hotfix 68 / 9.0.4454 hotfix 30 / 9.1.4691 hotfix 40 or later.See Also
http://www.nessus.org/u?191bec81
http://www.nessus.org/u?7aa777ec
Plugin Details
Severity: Critical
ID: 16230
File Name: veritas_backup_exec_overflow.nasl
Version: 1.28
Type: local
Agent: windows
Family: Windows
Published: 1/24/2005
Updated: 8/7/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:symantec:veritas_backup_exec, cpe:/a:symantec_veritas:backup_exec
Required KB Items: SMB/Registry/Enumerated
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/8/2005
Vulnerability Publication Date: 12/16/2004
Exploitable With
Core Impact
Metasploit (Veritas Backup Exec Name Service Overflow)
Reference Information
CVE: CVE-2004-1172
BID: 11974
CERT: 907729