Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1172

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1172
Last Modified 05 Sep 2008 04:40:35
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1172

Summary

Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.

Vulnerable Systems

Application

  • Symantec Veritas Backup Exec 8.0

  • Symantec Veritas Backup Exec 8.5

  • Symantec Veritas Backup Exec 8.6

  • Symantec Veritas Backup Exec 9.0

  • Symantec Veritas Backup Exec 9.1


References

CERT-VN - VU#907729

BID - 11974

XF - netbackup-agent-browser-bo(18506)

IDEFENSE - 20041216 Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability

MISC - http://www.frsirt.com/exploits/20050111.101_BXEC.cpp.php

CONFIRM - http://seer.support.veritas.com/docs/273850.htm

CONFIRM - http://seer.support.veritas.com/docs/273422.htm

CONFIRM - http://seer.support.veritas.com/docs/273420.htm

CONFIRM - http://seer.support.veritas.com/docs/273419.htm

SECUNIA - 13495


Last Updated: 27 May 2016 10:38:56