Symantec VERITAS Backup Exec ndmp agent gain access

backupexec-ndmp-gain-access (21793) The risk level is classified as HighHigh Risk

Description:

VERITAS Backup Exec is a backup and recovery software solution for Microsoft Windows and Unix-based operating systems. VERITAS Backup Exec Agent versions 10.0, 9.1, and 9.0 running on Microsoft Windows Servers could allow a remote attacker to gain unauthorized access. A remote attacker can access the Network Data Management Protocol (NDMP) agent using built-in authentication bypass account to gain access to arbitrary files, including system files.


Consequences:

Gain Access

Remedy:

For vulnerability detection:

Enable the following checks in the ISS Protection platform:
BackupexecNdmpGainAccess

For Virtual Patch:

Enable the following checks in the Dynamic ISS Protection platform:
NDMP_Veritas_BackupExec_RemoteAccess

For Manual Protection:
Apply the appropriate update for your system, as listed in Symantec Security Response August 12, 2005. See References.

References:

  • Internet Security Systems Protection Alert August 12, 2005: Veritas Backup Exec Remote Agent File Download Vulnerability.
  • Symantec Security Response August 12, 2005: Veritas Backup Exec Remote Agent for Windows Servers Arbitrary File Download Vulnerability.
  • VERITAS Support Document ID: 278430: VERITAS NetBackup (tm) for NetWare Media Servers Security Advisory: Unauthorized downloading of arbitrary files.
  • VERITAS Support Document ID: 278431: VERITAS Backup Exec for NetWare Servers Security Advisory: Unauthorized downloading of arbitrary files.
  • VERITAS Support Document ID: 278434: VERITAS Backup Exec for Windows Servers Security Advisory: Unauthorized downloading of arbitrary files.
  • BID-14551: Veritas Backup Exec For Windows And NetWare Arbitrary File Download Vulnerability
  • CVE-2005-2611: VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.
  • SA16403: VERITAS Backup Exec / NetBackup Arbitrary File Download Vulnerability
  • SECTRACK ID: 1014662: Veritas Backup Exec Remote Agent Discloses Arbitrary Files to Remote Users
  • US-CERT VU#378957: VERITAS Backup Exec uses hard-coded authentication credentials
  • VUPEN/ADV-2005-1387: Veritas Backup Exec and NetBackup Remote File Access Vulnerability

Platforms Affected:

  • Symantec VERITAS Backup Exec 10.0 SP1 rev 5484
  • Symantec VERITAS Backup Exec 10.0 rev 5484
  • Symantec VERITAS Backup Exec 10.0.5520
  • Symantec VERITAS Backup Exec 8.6 Windows
  • Symantec VERITAS Backup Exec 9.0 Windows
  • Symantec VERITAS Backup Exec 9.0.4019 NetWare
  • Symantec VERITAS Backup Exec 9.0.4170 NetWare
  • Symantec VERITAS Backup Exec 9.0.4172 NetWare
  • Symantec VERITAS Backup Exec 9.0.4174 NetWare
  • Symantec VERITAS Backup Exec 9.0.4202 NetWare
  • Symantec VERITAS Backup Exec 9.0.4367 Windows
  • Symantec VERITAS Backup Exec 9.0.4367 SP1 Windows
  • Symantec VERITAS Backup Exec 9.0.4454 SP1 Windows
  • Symantec VERITAS Backup Exec 9.1 Windows
  • Symantec VERITAS Backup Exec 9.1.1067.2 NetWare
  • Symantec VERITAS Backup Exec 9.1.1067.3 NetWare
  • Symantec VERITAS Backup Exec 9.1.1127.1 NetWare
  • Symantec VERITAS Backup Exec 9.1.1151.1 NetWare
  • Symantec VERITAS Backup Exec 9.1.1152 NetWare
  • Symantec VERITAS Backup Exec 9.1.1152.4 NetWare
  • Symantec VERITAS Backup Exec 9.1.1154 NetWare
  • Symantec VERITAS Backup Exec 9.1.1156 NetWare
  • Symantec VERITAS Backup Exec 9.1.306 NetWare
  • Symantec VERITAS Backup Exec 9.1.307 NetWare
  • Symantec VERITAS Backup Exec 9.1.4691 Windows
  • Symantec VERITAS Backup Exec 9.1.4691 SP2 Windows
  • Symantec VERITAS Backup Exec Remote Agent
  • Symantec VERITAS Backup Exec Remote Agent UNIX Linux
  • Symantec VERITAS Backup Exec Remote Agent NetWare
  • Symantec VERITAS NetBackup 4.5 MP5 NetWare
  • Symantec VERITAS NetBackup 4.5 FP1 NetWare
  • Symantec VERITAS NetBackup 4.5 FP2 NetWare
  • Symantec VERITAS NetBackup 4.5 FP3 NetWare
  • Symantec VERITAS NetBackup 4.5 FP4 NetWare
  • Symantec VERITAS NetBackup 4.5 FP5 NetWare
  • Symantec VERITAS NetBackup 4.5 FP6 NetWare
  • Symantec VERITAS NetBackup 4.5 FP7 NetWare
  • Symantec VERITAS NetBackup 4.5 FP8 NetWare
  • Symantec VERITAS NetBackup 4.5 MP1 NetWare
  • Symantec VERITAS NetBackup 4.5 MP8 NetWare
  • Symantec VERITAS NetBackup 4.5 MP7 NetWare
  • Symantec VERITAS NetBackup 4.5 MP6 NetWare
  • Symantec VERITAS NetBackup 4.5 NetWare
  • Symantec VERITAS NetBackup 4.5 MP4 NetWare
  • Symantec VERITAS NetBackup 4.5 MP3 NetWare
  • Symantec VERITAS NetBackup 4.5 MP2 NetWare
  • Symantec VERITAS NetBackup 5.0 MP1 NetWare
  • Symantec VERITAS NetBackup 5.0 MP2 NetWare
  • Symantec VERITAS NetBackup 5.0 MP3 NetWare
  • Symantec VERITAS NetBackup 5.0 MP4 NetWare
  • Symantec VERITAS NetBackup 5.0 NetWare
  • Symantec VERITAS NetBackup 5.0 MP5 NetWare
  • Symantec VERITAS NetBackup 5.1 MP1 NetWare
  • Symantec VERITAS NetBackup 5.1 MP2 NetWare
  • Symantec VERITAS NetBackup 5.1 MP3 NetWare
  • Symantec VERITAS NetBackup 5.1 NetWare

Reported:

Aug 11, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page