Vulnerabilities > CVE-2005-0773 - Remote Agent for Windows Servers Authentication Buffer Overflow vulnerability in Veritas Backup Exec
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
Vulnerable Configurations
Exploit-Db
| description | Veritas Backup Exec Windows Remote Agent Overflow. CVE-2005-0773. Remote exploit for windows platform |
| id | EDB-ID:16332 |
| last seen | 2016-02-01 |
| modified | 2010-07-03 |
| published | 2010-07-03 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16332/ |
| title | Veritas Backup Exec Windows Remote Agent Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in the Veritas BackupExec Windows Agent software. This vulnerability occurs when a client authentication request is received with type '3' and a long password argument. Reliable execution is obtained by abusing the stack buffer overflow to smash a SEH pointer. |
| id | MSF:EXPLOIT/WINDOWS/BACKUPEXEC/REMOTE_AGENT |
| last seen | 2019-12-26 |
| modified | 2017-07-24 |
| published | 2005-12-25 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/backupexec/remote_agent.rb |
| title | Veritas Backup Exec Windows Remote Agent Overflow |
Nessus
| NASL family | Windows |
| NASL id | VERITAS_AGENT_OVERFLOW.NASL |
| description | The remote host is running a version of VERITAS Backup Exec Agent which is vulnerable to a remote buffer overflow. An attacker may exploit this flaw to execute arbitrary code on the remote host or to disable this service remotely. To exploit this flaw, an attacker would need to send a specially crafted packet to the remote service. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 18551 |
| published | 2005-06-23 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/18551 |
| title | VERITAS Backup Exec Agent for Windows CONNECT_CLIENT_AUTH Remote Overflow |
Packetstorm
data source https://packetstormsecurity.com/files/download/38312/backupexec_agent.pm.txt id PACKETSTORM:38312 last seen 2016-12-05 published 2005-06-29 reporter Packet Storm source https://packetstormsecurity.com/files/38312/backupexec_agent.pm.txt.html title backupexec_agent.pm.txt data source https://packetstormsecurity.com/files/download/82934/remote_agent.rb.txt id PACKETSTORM:82934 last seen 2016-12-05 published 2009-10-30 reporter H D Moore source https://packetstormsecurity.com/files/82934/Veritas-Backup-Exec-Windows-Remote-Agent-Overflow.html title Veritas Backup Exec Windows Remote Agent Overflow
Saint
| bid | 14022 |
| description | VERITAS Backup Exec CONNECT_CLIENT_AUTH buffer overflow |
| id | misc_backupexec,misc_backupexecconn |
| osvdb | 17624 |
| title | backup_exec_connect_client_auth |
| type | remote |
References
- http://secunia.com/advisories/15789
- http://securitytracker.com/id?1014273
- http://seer.support.veritas.com/docs/276604.htm
- http://seer.support.veritas.com/docs/277429.htm
- http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities&flashstatus=true
- http://www.kb.cert.org/vuls/id/492105
- http://www.osvdb.org/17624
- http://www.securityfocus.com/bid/14022
- http://www.us-cert.gov/cas/techalerts/TA05-180A.html