CERTA-2005-AVI-313
Vulnerability from certfr_avis
Description
A vulnerability has been discovered in the use of a static password during the authentication process between the agents and the servers of Veritas products. A malicious user can exploit this vulnerability to gain remote access and to upload files to, or download files from, the backup server.
Temporary workaround
Filter port 10000/tcp.
Solution
Apply the Symantec patch as indicated in security bulletin SYM05-011 (see Documentation).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 10.0 ; |
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 9.1 ; |
| N/A | N/A | Veritas NetBackup for NetWare Media Server Option 5.0 ; |
| Microsoft | N/A | Veritas Backup Exec for NetWare Servers 9.0 ; |
| Microsoft | N/A | Veritas Backup Exec for NetWare Servers 9.1 ; |
| Microsoft | N/A | Veritas NetBackup for NetWare Media Server Option 5.1. |
| Microsoft | N/A | Veritas Backup Exec Remote Agent for NetWare Servers ; |
| Microsoft | N/A | Veritas NetBackup for NetWare Media Server Option 4.5 FP ; |
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 8.6 ; |
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 9.0 ; |
| Microsoft | N/A | Veritas NetBackup for NetWare Media Server Option 4.5 ; |
| Microsoft | N/A | Veritas Backup Exec Remote Agent for Unix or Linux Servers ; |
| Microsoft | Windows | Veritas Backup Exec Remote Agent for Windows Servers ; |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Veritas Backup Exec for Windows Servers 10.0 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec for Windows Servers 9.1 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas NetBackup for NetWare Media Server Option 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec for NetWare Servers 9.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec for NetWare Servers 9.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas NetBackup for NetWare Media Server Option 5.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec Remote Agent for NetWare Servers ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas NetBackup for NetWare Media Server Option 4.5 FP ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec for Windows Servers 8.6 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec for Windows Servers 9.0 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas NetBackup for NetWare Media Server Option 4.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec Remote Agent for Unix or Linux Servers ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Veritas Backup Exec Remote Agent for Windows Servers ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9, li\u00e9e \u00e0 l\u0027utilisation d\u0027un mot de passe statique lors\ndu processus d\u0027authentification entre les agents et les serveurs des\nproduits Veritas, a \u00e9t\u00e9 d\u00e9couverte. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\nexploit\u00e9e par un utilisateur mal intentionn\u00e9 afin d\u0027obtenir un acc\u00e8s\ndistant et de t\u00e9l\u00e9charger des fichiers vers ou depuis le serveur de\nsauvegarde.\n\n## Contournement provisoire\n\nFiltrer le port 10000/tcp.\n\n## Solution\n\nAppliquer le correctif de Symantec tel qu\u0027indiqu\u00e9 dans le bulletin de\ns\u00e9curit\u00e9 SYM05-011 (voir Documentation).\n",
"cves": [],
"initial_release_date": "2005-08-16T00:00:00",
"last_revision_date": "2005-08-16T00:00:00",
"links": [
{
"title": "Correctifs pour Veritas Backup Exec for Windows Servers :",
"url": "http://support.veritas.com/docs/278434"
},
{
"title": "Correctifs pour Veritas Backup Exec for NetWare Servers :",
"url": "http://support.veritas.com/docs/278431"
},
{
"title": "Correctifs pour Veritas NetBackup for NetWare Media Server Option :",
"url": "http://support.veritas.com/docs/278430"
}
],
"reference": "CERTA-2005-AVI-313",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-08-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 dans Veritas Backup Exec et dans Veritas NetBackup",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de Symantec SYM05-011 du 12 ao\u00fbt 2005",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html"
}
]
}