>> Veritas Backup Exec and NetBackup Remote File Access Vulnerability
Title : Veritas Backup Exec and NetBackup Remote File Access Vulnerability VUPEN ID : VUPEN/ADV-2005-1387 CVE ID : CVE-2005-2611 CWE ID : CWE-
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-08-12
Technical Description
A vulnerability was identified in Veritas Backup Exec and NetBackup, which could be exploited by remote attackers to gain unauthorized access. This flaw is due to a design error where the Network Data Management Protocol (NDMP) agent can be accessed via a static (hard-coded) root password (port 10000), which could be exploited by remote attackers to gain access to a vulnerable system and read or write arbitrary files from and to the backup server.
Credits Vulnerability discovered by an anonymous person and reported by H D Moore
ChangeLog 2005-08-12 : Initial release
2005-08-13 : Updated Advisory (Affected products and solution)
2005-08-13 : Updated Advisory (Patch available for Windows) Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
