Full Disclosure mailing list archives
RE: iDEFENSE Security Advisory 12.16.04: VeritasBackup Exec AgentBrowser Registration Request Buffer Overflow Vulnerability
From: "Geo." <geoincidents () nls net>
Date: Thu, 23 Dec 2004 12:17:22 -0500
Successful exploitation does not require authentication thereby allowing any remote attacker to execute arbitrary code under the privileges of the Backup Exec Agent Browser (benetns.exe) process which is usually a domain administrative account.
This is a huge hole, don't backup vendors yet understand that a backup agent, a piece of code with access to everything on the machine requires not just security but EXTRA security? At a minimum a backup agent should automatically be limiting access to it's port to the IP of the backup server and just dropping any traffic from other IPs. Anyone have an idea how popular software like a backup agent is in the corporate world? Is this something you would pretty much find on all desktops or are desktops not backed up so this would be pretty much limited to servers? Even if it were just servers I would think it's more popular than say SQLserver no? (worm bait?) What are ISP's using to backup webserver farms? If anyone has comment but doesn't feel it's appropriate to comment on list, feel free to email me offlist. I've been in a discussion about this very topic over on news://news.barkto.com/homeless.nthelp and would appreciate information I can take to the discussion there. Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- iDEFENSE Security Advisory 12.16.04: Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability idlabs-advisories (Dec 23)
- RE: iDEFENSE Security Advisory 12.16.04: VeritasBackup Exec AgentBrowser Registration Request Buffer Overflow Vulnerability Geo. (Dec 23)