漏洞信息详情
Veritas Backup Exec Remote Agent for Windows CONNECT_CLIENT_AUTH远程缓冲区错误漏洞
- CNNVD编号:CNNVD-200506-181
- 危害等级: 高危
- CVE编号: CVE-2005-0773
- 漏洞类型: 缓冲区溢出
- 发布时间: 2005-06-18
- 威胁类型: 远程
- 更新时间: 2006-03-27
- 厂 商: symantec_veritas
- 漏洞来源:
漏洞简介
Veritas Backup Exec Remote Agent是一款支持网络数据管理协议(NDMP)的数据备份和恢复解决方案。
Veritas Backup Exec Remote Agent在处理用户认证请求时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。
当客户端发送一个类型3的认证请求,而且带有一个超长的Password字段时会触发缓冲区溢出漏洞,导致执行任意指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Veritas Software Backup Exec for Windows Servers 10.0 rev. 5484 SP1
Veritas Software be5484RHF24_275514.exe
http://support.veritas.com/docs/275514
Veritas Software Backup Exec for Windows Servers 9.0 rev. 4367 SP1
Veritas Software be4367RHF21_276156.exe
http://support.veritas.com/docs/276156
Veritas Software Backup Exec for Windows Servers 9.0 rev. 4454 SP1
Veritas Software be4454RHF31_275911.exe
http://support.veritas.com/docs/275911
Veritas Software Backup Exec for NetWare Servers 9.0.4202
Veritas Software B904202HF1_277423.EXE
http://support.veritas.com/docs/277423
Veritas Software Backup Exec for Windows Servers 9.1 rev. 4691 SP2
Veritas Software be4691RHF52_275909.exe
http://support.veritas.com/docs/275909
参考网址
来源: US-CERT
名称: TA05-180A
链接:http://www.us-cert.gov/cas/techalerts/TA05-180A.HTML
来源: US-CERT
名称: VU#492105
链接:http://www.kb.cert.org/vuls/id/492105
来源: BID
名称: 14022
链接:http://www.securityfocus.com/bid/14022
来源: seer.support.veritas.com
链接:http://seer.support.veritas.com/docs/277429.htm
来源: seer.support.veritas.com
链接:http://seer.support.veritas.com/docs/276604.htm
来源: SECTRACK
名称: 1014273
链接:http://securitytracker.com/id?1014273
来源: SECUNIA
名称: 15789
链接:http://secunia.com/advisories/15789
来源: OSVDB
名称: 17624
链接:http://www.osvdb.org/17624
来源: IDEFENSE
名称: 20050623 Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow Vulnerability
链接:http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities&flashstatus=true
来源: IDEFENSE
名称: 20050623 Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow Vulnerability
链接:http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities&flashstatus=true
受影响实体
- Symantec_veritas Backup_exec:9.1_rev.4691_sp2
- Symantec_veritas Backup_exec:9.1_rev.4691
- Symantec_veritas Backup_exec:9.1.307
- Symantec_veritas Backup_exec:9.1.306
- Symantec_veritas Backup_exec:9.1.1154
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论