CERTA-2005-AVI-313

Vulnerability from certfr_avis - Published: 2005-08-16 - Updated: 2005-08-16


Description

A vulnerability has been discovered that stems from the use of a static password in the authentication process between the agents and the servers of Veritas products. A malicious user can exploit this vulnerability to obtain remote access and to upload files to, or download files from, the backup server.

Temporary workaround

Filter port 10000/tcp.

Solution

Apply the Symantec patch as indicated in security bulletin SYM05-011 (see Documentation).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 10.0 |
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 9.1 |
| N/A | N/A | Veritas NetBackup for NetWare Media Server Option 5.0 |
| Microsoft | N/A | Veritas Backup Exec for NetWare Servers 9.0 |
| Microsoft | N/A | Veritas Backup Exec for NetWare Servers 9.1 |
| Microsoft | N/A | Veritas NetBackup for NetWare Media Server Option 5.1 |
| Microsoft | N/A | Veritas Backup Exec Remote Agent for NetWare Servers |
| Microsoft | N/A | Veritas NetBackup for NetWare Media Server Option 4.5 FP |
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 8.6 |
| Microsoft | Windows | Veritas Backup Exec for Windows Servers 9.0 |
| Microsoft | N/A | Veritas NetBackup for NetWare Media Server Option 4.5 |
| Microsoft | N/A | Veritas Backup Exec Remote Agent for Unix or Linux Servers |
| Microsoft | Windows | Veritas Backup Exec Remote Agent for Windows Servers |


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Veritas Backup Exec for Windows Servers 10.0 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec for Windows Servers 9.1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas NetBackup for NetWare Media Server Option 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec for NetWare Servers 9.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec for NetWare Servers 9.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas NetBackup for NetWare Media Server Option 5.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec Remote Agent for NetWare Servers ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas NetBackup for NetWare Media Server Option 4.5 FP ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec for Windows Servers 8.6 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec for Windows Servers 9.0 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas NetBackup for NetWare Media Server Option 4.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec Remote Agent for Unix or Linux Servers ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Veritas Backup Exec Remote Agent for Windows Servers ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9, li\u00e9e \u00e0 l\u0027utilisation d\u0027un mot de passe statique lors\ndu processus d\u0027authentification entre les agents et les serveurs des\nproduits Veritas, a \u00e9t\u00e9 d\u00e9couverte. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\nexploit\u00e9e par un utilisateur mal intentionn\u00e9 afin d\u0027obtenir un acc\u00e8s\ndistant et de t\u00e9l\u00e9charger des fichiers vers ou depuis le serveur de\nsauvegarde.\n\n## Contournement provisoire\n\nFiltrer le port 10000/tcp.\n\n## Solution\n\nAppliquer le correctif de Symantec tel qu\u0027indiqu\u00e9 dans le bulletin de\ns\u00e9curit\u00e9 SYM05-011 (voir Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-08-16T00:00:00",
  "last_revision_date": "2005-08-16T00:00:00",
  "links": [
    {
      "title": "Correctifs pour Veritas Backup Exec for Windows Servers :",
      "url": "http://support.veritas.com/docs/278434"
    },
    {
      "title": "Correctifs pour Veritas Backup Exec for NetWare Servers :",
      "url": "http://support.veritas.com/docs/278431"
    },
    {
      "title": "Correctifs pour Veritas NetBackup for NetWare Media Server    Option :",
      "url": "http://support.veritas.com/docs/278430"
    }
  ],
  "reference": "CERTA-2005-AVI-313",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans Veritas Backup Exec et dans Veritas NetBackup",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Symantec SYM05-011 du 12 ao\u00fbt 2005",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html"
    }
  ]
}

