Remote exploitation of a stack-based buffer overflow vulnerability in Backup Exec 8.6 and 9.x may allow the unauthorized execution of arbitrary code.
Details:
The vulnerability specifically exists within the function responsible for receiving and parsing registration requests. The issue allows a remote attacker to execute arbitrary code under the privileges of one of the VERITAS Backup Exec (tm) service processes, which is usually a domain administrative account.
A hotfix is available for the following versions of Backup Exec:
Backup Exec 8.6 installations should have the following hotfix applied:
Be86hf68_273850.exe 8.60.3878 Hotfix 68 - Backup Exec (Buffer overflow creates a security hole in Agent Browser)
Note:
Backup Exec 8.6 installations must be upgraded to Backup Exec 8.6 Build 3878 prior to the installation of this hotfix.
Backup Exec 9.0 installations should have the following hotfix applied:
Be4454RF30_274298.exe 9.0.4454 Hotfix 30 - Backup Exec (buffer overflow creates a security hole in agent browser)
Note:
Backup Exec 9.0 4454 installations must be upgraded to Backup Exec 9.0 4454 Service Pack 1 prior to the installation of this hotfix.
Note:
Backup Exec 9.0 installations can be upgraded to Backup Exec 9.1 4691 Service Pack 2 free of charge. If an upgrade is performed, use the patch below.
Backup Exec 9.1 installations should have the following hotfix applied:
Be4691RSP2_275247.exe VERITAS Backup Exec (tm) 9.1 for Windows Servers revision 4691 - Service Pack 2
Workaround for all Backup Exec versions:
To avoid this issue in any version of Backup Exec, a firewall can be used to restrict incoming connections to trusted workstations running Backup Exec software.
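The following PowerShell is an added example of the firewall workaround above; it is not part of the VERITAS alert and not VERITAS-supplied code. It assumes the Windows Firewall cmdlets of the NetSecurity module (Windows Server 2012 and later, newer than the operating systems listed in this alert) and it does not know the Backup Exec listener port, which the alert does not state: $BackupExecPort is a placeholder to be filled in from your own Backup Exec configuration, and the trusted host addresses are constructed sample values.

```powershell
# Added example, not from the VERITAS alert: admit inbound connections to the
# Backup Exec service only from an allowlist of trusted Backup Exec hosts.
# ASSUMPTIONS: $BackupExecPort is a PLACEHOLDER (the alert does not name the
# port); $TrustedHosts is constructed sample data in the RFC 5737 test range.
$BackupExecPort = 0                                  # PLACEHOLDER: set to the real listener port
$TrustedHosts   = @('192.0.2.10', '192.0.2.11')      # constructed sample addresses
$RuleName       = 'Backup Exec - trusted hosts only'

if ($BackupExecPort -le 0) {
    throw 'Set $BackupExecPort to the actual Backup Exec listener port before running.'
}

# 1. Unsolicited inbound traffic must be dropped by default so that the scoped
#    allow rule below is the only path to the service. Windows Firewall gives
#    explicit Block rules precedence over Allow rules, so an "allow trusted
#    hosts" rule plus a default-deny is the correct pattern; adding a second
#    Block rule for the same port would block the trusted hosts as well.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Report any existing inbound rule for the port that is broader than the
#    allowlist; such rules must be removed or re-scoped, otherwise they still
#    admit every source. Listed for review rather than deleted automatically.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq $BackupExecPort } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.DisplayName -ne $RuleName } |
    Select-Object DisplayName, Enabled, Action, Profile

# 3. Allow the port only from the trusted hosts.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort $BackupExecPort `
    -RemoteAddress $TrustedHosts -Action Allow -Profile Any

# 4. Verify the address scope that was applied to the new rule.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

After applying the rule, confirm from one trusted host and from one address outside the list that only the trusted host can reach the port. On the Windows NT 4.0, 2000 and 2003 systems this alert lists, which predate these cmdlets, the same restriction is expressed with IPsec filter policies or on the perimeter firewall in front of the media server; the allowlist content is the same.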
Note:
VERITAS Technical Services recommends that Backup Exec installations are always kept at the latest version, build, and hotfix level available. It is also recommended that a full backup is performed prior to and after any changes are made to a software environment. If you have any questions or concerns about this issue, please contact VERITAS Technical Services.
VERITAS Software has acknowledged that the above-mentioned issue may be present in earlier versions of the product which are no longer supported. There are no plans to address this issue by way of a patch or hotfix in any end-of-life versions of the product at the present time. The issue has been addressed in all supported versions of the product specified at the end of this article. If you have an unsupported version of the product, you will have to move to a supported version of the product to apply the patch or implement the workaround mentioned above.
Products Applied:
Backup Exec for Windows Servers 10.0, 8.6, 9.0, 9.1
Subjects:
Backup Exec for Windows Servers
Application: Alert, Troubleshooting
Publishing Status: Techalert
Languages:
English (US)
Operating Systems:
Windows 2000
Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, SAK, Server, Server Windows Powered
Windows NT
4.0 Server SP6a, 4.0 Workstation SP6a
Windows NT Small Business Server
2000, 4.5
Windows XP
Home 5.1, Pro 5.1
Windows Server 2003
DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server
Windows Small Business Server 2003
Premium Edition, Standard Edition