Vulnerabilities > CVE-2005-0773 - Remote Agent for Windows Servers Authentication Buffer Overflow vulnerability in Veritas Backup Exec

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
symantec-veritas
nessus
exploit available
metasploit

Summary

Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.

Exploit-Db

descriptionVeritas Backup Exec Windows Remote Agent Overflow. CVE-2005-0773. Remote exploit for windows platform
idEDB-ID:16332
last seen2016-02-01
modified2010-07-03
published2010-07-03
reportermetasploit
sourcehttps://www.exploit-db.com/download/16332/
titleVeritas Backup Exec Windows Remote Agent Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in the Veritas BackupExec Windows Agent software. This vulnerability occurs when a client authentication request is received with type '3' and a long password argument. Reliable execution is obtained by abusing the stack buffer overflow to smash a SEH pointer.
idMSF:EXPLOIT/WINDOWS/BACKUPEXEC/REMOTE_AGENT
last seen2019-12-26
modified2017-07-24
published2005-12-25
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/backupexec/remote_agent.rb
titleVeritas Backup Exec Windows Remote Agent Overflow

Nessus

NASL familyWindows
NASL idVERITAS_AGENT_OVERFLOW.NASL
descriptionThe remote host is running a version of VERITAS Backup Exec Agent which is vulnerable to a remote buffer overflow. An attacker may exploit this flaw to execute arbitrary code on the remote host or to disable this service remotely. To exploit this flaw, an attacker would need to send a specially crafted packet to the remote service.
last seen2020-06-01
modified2020-06-02
plugin id18551
published2005-06-23
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18551
titleVERITAS Backup Exec Agent for Windows CONNECT_CLIENT_AUTH Remote Overflow

Packetstorm

Saint

bid14022
descriptionVERITAS Backup Exec CONNECT_CLIENT_AUTH buffer overflow
idmisc_backupexec,misc_backupexecconn
osvdb17624
titlebackup_exec_connect_client_auth
typeremote