[Dshield] Veritas Backup Exec Windows Agent Remote File Access Exploit

Mark Tombaugh mtombaugh at alliedcc.com
Fri Aug 12 21:02:29 GMT 2005

On Fri, 2005-08-12 at 18:01 +0000, Fergie (Paul Ferguson) wrote:
> I sure hope that there aren't many of you have that have
> large deployments of older Veritas Backup software anywhere
> in their networks 

> Veritas Backup Exec Windows Agent Remote File Access Exploit
> http://www.frsirt.com/exploits/20050811.backupexec_dump.pm.php

At the moment its not just older versions. Afaict _any_ version is
vulnerable. The logic flaw is in NDMP, the protocol behind bexec. 

> I've already heard of a couple of cases where hackers have
> gained unauthorized access to networks using this, and a
> couple of other recent Veritas vulnerabilities.

This exploit in particular results only in information disclosure. The
exploit basically "backs up" any file from the backup server to the
attackers system. 

Keep in mind its not just Backup Exec Server thats affected, all of your
up to date Remote Agent for Windows are vulnerable as well. 

The other exploits (remote agent overflow - which is patched via
veritas) are most likely what were used to compromise those networks.

PS - Has anyone checked to see if Windows Encryption protects against
the file access issue? Might be worth a shot.

Mark Tombaugh mtombaugh at alliedcc.com Allied Computer Corp
Research Triangle Park www.alliedcc.com tel:(919)598-8900

More information about the list mailing list