Document ID: 273419
http://support.veritas.com/docs/273419

Remote exploitation of a stack-based buffer overflow vulnerability in Backup Exec 8.6 and 9.x may allow the unauthorized execution of arbitrary code.

Details:
The vulnerability specifically exists within the function responsible for receiving and parsing registration requests. The issue allows a remote attacker to execute arbitrary code under the privileges of one of the VERITAS Backup Exec (tm) service processes, which is usually a domain administrative account.
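The defect class described above, as an added illustration that is not VERITAS code and does not reproduce the Backup Exec Agent Browser protocol: a request parser that trusts a peer-supplied length field when filling a fixed-size stack buffer, shown beside the bounds-checked form that rejects an oversized request instead of copying it. The message layout, the 32-byte buffer size, and the function names are assumptions made for the example.

```c
/* Added example, not VERITAS code. The request layout below is constructed
 * for illustration and is NOT the Backup Exec Agent Browser protocol:
 *   byte 0     : declared length n of the agent name
 *   bytes 1..n : agent name bytes, not NUL-terminated
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32   /* capacity of the fixed-size stack buffer (assumed) */

/* Vulnerable pattern (CWE-121 shape): n is validated only against the bytes
 * actually received, never against the destination buffer. A peer that
 * declares n >= NAME_MAX makes memcpy write past 'name' on the stack. Kept
 * only for contrast; the checks below call it with well-formed input. */
int parse_registration_unsafe(const uint8_t *msg, size_t msg_len,
                              char *out, size_t out_len)
{
    char name[NAME_MAX];
    size_t n;
    if (msg_len < 1 || out_len == 0) return -1;
    n = msg[0];
    if (n > msg_len - 1) return -1;   /* source-side check only */
    memcpy(name, msg + 1, n);         /* BUG: no check against NAME_MAX */
    name[n] = '\0';
    strncpy(out, name, out_len - 1);
    out[out_len - 1] = '\0';
    return 0;
}

/* Hardened form: the declared length is checked against every destination
 * it will be copied into, and an oversized request is rejected (-2) rather
 * than silently truncated, so the caller can log it and drop the connection. */
int parse_registration_safe(const uint8_t *msg, size_t msg_len,
                            char *out, size_t out_len)
{
    char name[NAME_MAX];
    size_t n;
    if (msg_len < 1 || out_len == 0) return -1;
    n = msg[0];
    if (n > msg_len - 1) return -1;                /* truncated message */
    if (n >= NAME_MAX || n >= out_len) return -2;  /* would not fit: reject */
    memcpy(name, msg + 1, n);
    name[n] = '\0';
    memcpy(out, name, n + 1);
    return 0;
}

/* Constructed sample request: declared length 5, name "agent". */
static const uint8_t well_formed[] = { 5, 'a', 'g', 'e', 'n', 't' };

/* 1 if the safe parser accepts the well-formed request and yields "agent". */
int check_well_formed(void)
{
    char out[NAME_MAX];
    int rc = parse_registration_safe(well_formed, sizeof well_formed,
                                     out, sizeof out);
    return rc == 0 && strcmp(out, "agent") == 0;
}

/* Return code of the safe parser for a constructed request declaring a
 * 200-byte name, which cannot fit the 32-byte stack buffer. Expected: -2. */
int check_oversized(void)
{
    uint8_t big[201];
    char out[NAME_MAX];
    memset(big, 'A', sizeof big);
    big[0] = 200;                     /* declared length far beyond NAME_MAX */
    return parse_registration_safe(big, sizeof big, out, sizeof out);
}

/* Return code of the unsafe parser on well-formed input (it handles that
 * correctly; the defect only appears on oversized input, which is
 * deliberately not exercised here). */
int check_unsafe_on_good_input(void)
{
    char out[NAME_MAX];
    return parse_registration_unsafe(well_formed, sizeof well_formed,
                                     out, sizeof out);
}

int main(void)
{
    printf("well-formed accepted: %d\n", check_well_formed());
    printf("oversized rejected (expect -2): %d\n", check_oversized());
    return 0;
}
```

The point of the contrast is the single missing comparison: both parsers check the declared length against the bytes received, but only the hardened one checks it against the capacity of the buffer the bytes are copied into. Returning a distinct code for "would not fit" rather than truncating also gives the service a clean place to log the malformed request.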

A hotfix is available for the following versions of Backup Exec:

Backup Exec 8.6 installations should have the following hotfix applied:

Be86hf68_273850.exe 8.60.3878 Hotfix 68 - Backup Exec (Buffer overflow creates a security hole in Agent Browser)

Note: Backup Exec 8.6 installations must be upgraded to Backup Exec 8.6 Build 3878 prior to the installation of this hotfix.


Backup Exec 9.0 installations should have the following hotfix applied:

Be4454RF30_274298.exe 9.0.4454 Hotfix 30 - Backup Exec (buffer overflow creates a security hole in agent browser)


Note: Backup Exec 9.0 4454 installations must be upgraded to Backup Exec 9.0 4454 Service Pack 1 prior to the installation of this hotfix.
Note: Backup Exec 9.0 installations can be upgraded to Backup Exec 9.1 4691 Service Pack 2 free of charge. If an upgrade is performed, use the patch below.


Backup Exec 9.1 installations should have the following hotfix applied:

Be4691RSP2_275247.exe VERITAS Backup Exec (tm) 9.1 for Windows Servers revision 4691 - Service Pack 2



Workaround for all Backup Exec versions:
To avoid this issue in any version of Backup Exec, a firewall can be used to restrict incoming connections so that only trusted workstations running Backup Exec software can reach the server.

Note: VERITAS Technical Services recommends that Backup Exec installations are always kept at the latest version, build, and hotfix level available. It is also recommended that a full backup is performed prior to and after any changes are made to a software environment. If you have any questions or concerns about this issue, please contact VERITAS Technical Services.


VERITAS Software has acknowledged that the above-mentioned issue may be present in earlier versions of the product which are no longer supported. There are no plans to address this issue by way of a patch or hotfix in any end-of-life versions of the product at the present time. The issue has been addressed in all supported versions of the product specified at the end of this article. If you have an unsupported version of the product, you will have to move to a supported version of the product to apply the patch or implement the workaround mentioned above.


Supplemental Material:

System   Ref.#    Description
ETrack   275793   BEWS: Buffer overflow creates a security hole in Agent Browser (BEWS 8.6)
ETrack   275738   BEWS: Buffer overflow creates a security hole in Agent Browser (BEWS 9.1)
ETrack   292772   BEWS: Buffer overflow creates a security hole in Agent Browser (BEWS 9.0)


Products Applied:
 Backup Exec for Windows Servers 10.0, 8.6, 9.0, 9.1

Last Updated: March 31 2005 04:14 PM GMT
Expires on: 365 days from publish date

Subjects:
 Backup Exec for Windows Servers
   Application: Alert, Troubleshooting
   Publishing Status: Techalert

Languages:
 English (US)

Operating Systems:
 Windows 2000: Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, SAK, Server, Server Windows Powered
 Windows NT: 4.0 Server SP6a, 4.0 Workstation SP6a
 Windows NT Small Business Server: 2000, 4.5
 Windows XP: Home 5.1, Pro 5.1
 Windows Server 2003: DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server
 Windows Small Business Server 2003: Premium Edition, Standard Edition