VERITAS Backup Exec Agent Static Password Protection
| Field | Value |
|---|---|
| Attack ID: | CPAI-2005-121 |
| Publish Date: | |
| Category: | Remote Code Execution |
| Vulnerable Systems: | VERITAS Software NetBackup 4.5, 5.0, 5.1; VERITAS Software Backup Exec 8.6, 9.0, 9.1, 10.0; VERITAS Software Backup Exec Remote Agent (all versions) |
| Source: | US-CERT VU#378957 |
| Description: | VERITAS Backup Exec is a backup and restore solution for Microsoft Windows server environments. The VERITAS Backup Exec Remote Agent uses a static authentication mode, which an attacker can leverage to bypass the authentication process and execute arbitrary code on the target system. |
| Severity: | |
| Details: | The Backup Server communicates with Agents on port 10000/TCP. The vulnerability is caused by a fixed, static password that the remote Backup Agent uses during the authentication procedure with the server. Remote attackers may trigger this vulnerability to authenticate to a vulnerable Backup Agent, which will enable them to download arbitrary files from the target host. |
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of InterSpect can identify the attacks by the following log entry: Attack Name: Backup Exec Protection Violation. Users of VPN-1 NG with Application Intelligence R55 will receive rule 910002 on the SmartView Tracker screen. |
| Solution: | Users of VPN-1 NG with Application Intelligence R55 and R55W, users of VPN-1 NGX R60 and users of InterSpect should update their SmartDefense by clicking Online Update (R55 - Update Now) in the SmartDashboard General window. To enable the protections: |
| Industry Reference: | CAN-2005-2611 |
| Additional Information: | |
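Because the agent accepts a fixed password, the only reliable control a defender has besides patching is restricting who may reach port 10000/TCP at all. The following is an added example (not Check Point's, VERITAS's, or the advisory's own code) that audits firewall or flow logs for connections to the agent port from hosts other than the designated backup servers. The key=value log format, the allow-list addresses and the sample lines are all constructed for this example.

```python
"""Audit connection logs for TCP/10000 (Backup Exec Remote Agent) traffic
from hosts that are not the designated backup servers.

Added example. The log format and addresses below are constructed; adapt
ALLOWED_BACKUP_SERVERS and LINE_RE to the real environment.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import re

# Port the advisory names for Backup Server <-> Agent communication.
AGENT_PORT = 10000

# Assumption: only the backup media servers should ever open TCP/10000 to an agent.
ALLOWED_BACKUP_SERVERS = [ip_network("10.0.5.10/32"), ip_network("10.0.5.11/32")]

# Constructed key=value log line format, e.g. "proto=tcp src=... dport=10000 action=accept".
LINE_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Finding:
    src: str
    dst: str
    action: str


def is_allowed_source(src: str) -> bool:
    """True if src is one of the approved backup servers; unparsable addresses are not trusted."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_BACKUP_SERVERS)


def find_unauthorized_agent_connections(lines):
    """Return a Finding for every TCP connection to AGENT_PORT from a non-allowed source.

    Dropped connections are reported too: an attempt from an unexpected host is
    exactly what the static-password weakness makes worth investigating.
    """
    findings = []
    for line in lines:
        fields = dict(LINE_RE.findall(line))
        if fields.get("proto", "").lower() != "tcp":
            continue  # advisory concerns TCP only; UDP/10000 is unrelated
        try:
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        if dport != AGENT_PORT:
            continue
        src = fields.get("src")
        if not src:
            continue
        if not is_allowed_source(src):
            findings.append(Finding(src, fields.get("dst", "?"), fields.get("action", "?")))
    return findings


# Constructed sample log lines for demonstration.
SAMPLE_LOG = [
    "ts=2005-08-01T10:00:01Z proto=tcp src=10.0.5.10 dst=10.0.7.21 dport=10000 action=accept",
    "ts=2005-08-01T10:00:02Z proto=tcp src=10.0.9.44 dst=10.0.7.21 dport=10000 action=accept",
    "ts=2005-08-01T10:00:03Z proto=tcp src=10.0.9.44 dst=10.0.7.21 dport=443 action=accept",
    "ts=2005-08-01T10:00:04Z proto=udp src=10.0.9.44 dst=10.0.7.21 dport=10000 action=accept",
    "ts=2005-08-01T10:00:05Z proto=tcp src=192.0.2.77 dst=10.0.7.22 dport=10000 action=drop",
    "garbage line with no fields",
]

if __name__ == "__main__":
    for finding in find_unauthorized_agent_connections(SAMPLE_LOG):
        print(f"unexpected agent connection: {finding.src} -> {finding.dst} ({finding.action})")
```

Run against the constructed sample, the audit reports the two non-backup-server hosts (one accepted, one dropped) and ignores the legitimate backup server, the unrelated port 443 flow, the UDP line and the malformed line. The same source filter expressed as a firewall rule (allow TCP/10000 only from the backup servers, deny from everything else) is the network-level mitigation this check verifies.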