Buffer Overflow Vulnerability in VERITAS Backup Exec for Windows and Netware
CVE-2005-0773

Currently unrated

Key Information:

Vendor: Symantec Veritas
Status: Backup Exec
Vendor: CVE Published:; 18 June 2005

Summary

A stack-based buffer overflow exists in the VERITAS Backup Exec Remote Agent versions 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware. This vulnerability is triggered when an attacker sends a specially crafted CONNECT_CLIENT_AUTH request using authentication method type 3. A long password argument can cause the overflow, leading to the potential execution of arbitrary code by the attacker, compromising the system's security.

References

http://www.kb.cert.org/vuls/id/492105

third-party-advisoryx_refsource_CERT-VN

http://securitytracker.com/id?1014273

vdb-entryx_refsource_SECTRACK

http://www.osvdb.org/17624

vdb-entryx_refsource_OSVDB

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 18, 2005
Vulnerability Reserved
Mar 18, 2005