Test ID:	1.3.6.1.4.1.25623.1.0.802985
Category:	Buffer overflow
Title:	VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability
Summary:	VERITAS Backup Exec Remote Agent for Windows Servers is prone to a buffer overflow vulnerability.
Description:	Summary: VERITAS Backup Exec Remote Agent for Windows Servers is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to insufficient input validation on CONNECT_CLIENT_AUTH requests. CONNECT_CLIENT_AUTH requests sent with an authentication method type '3' indicating Windows user credentials, and an overly long password argument can overflow the buffer and lead to arbitrary code execution. Vulnerability Impact: Successful exploitation will allow attackers to overflow a buffer and execute arbitrary code on the system. Affected Software/OS: Veritas Backup Exec Remote Agent versions 9.0 through 10.0 for Windows Servers Solution: Upgrade to Veritas Backup Exec Remote Agent 10.0 rev. 5520 for Windows Servers CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0773 AUSCERT Advisory: AL-2005.013 BugTraq ID: 14022 http://www.securityfocus.com/bid/14022 Cert/CC Advisory: TA05-180A http://www.us-cert.gov/cas/techalerts/TA05-180A.html CERT/CC vulnerability note: VU#492105 http://www.kb.cert.org/vuls/id/492105 http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities&flashstatus=true http://www.osvdb.org/17624 http://securitytracker.com/id?1014273 http://secunia.com/advisories/15789
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.