Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:3084 |
| Message | EXPLOIT Veritas backup overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a vulnerability associated with the Veritas Back Exec Agent Browser. |
| Impact | Serious. Execution of arbitrary commands may be possible. |
| Detailed Information | The Veritas Backup Agent Browser is the server component of the Backup Exec software employed to provide a backup solution. Client agents communicate with the Backup Agent Browser. A registration request from a client that contains an overly long hostname value can cause a buffer overflow and the subsequent execution of arbitrary code on a vulnerable server. |
| Affected Systems | Veritas Software Backup Exec 8.0, 8.5, 8.6, 9.0, 9.1 |
| Attack Scenarios | An attacker can craft a registration request that contains an overly long hostname, causing a buffer overflow. |
| Ease of Attack | Simple. |
| Corrective Action | Upgrade to the most current nonaffected version of the software. |
| Additional References | |
| Rule References | bugtraq: 11974 cve: 2004-1172 |
--
DID:170933
--
http://www.aanval.com/