Vulnerability Name:

CVE-2005-0773 (CCN-21113)

Assigned:2005-06-18
Published:2005-06-18
Updated:2011-03-08
Summary:Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0773

Source: CCN
Type: SA15789
VERITAS Backup Exec Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
15789

Source: CCN
Type: SECTRACK ID: 1014273
Veritas Backup Exec Bugs Let Remote Users Execute Arbitrary Code, Crash the System, and Modify the Registry

Source: SECTRACK
Type: Patch
1014273

Source: CCN
Type: Veritas Document ID: 276604
VERITAS Backup Exec Remote Agent for Windows Servers (RAWS) Buffer Overflow Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://seer.support.veritas.com/docs/276604.htm

Source: CONFIRM
Type: Patch
http://seer.support.veritas.com/docs/277429.htm

Source: IDEFENSE
Type: Vendor Advisory
20050623 Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow Vulnerability

Source: CCN
Type: US-CERT VU#492105
VERITAS Backup Exec Remote Agent fails to properly validate authentication requests

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#492105

Source: OSVDB
Type: UNKNOWN
17624

Source: CCN
Type: OSVDB ID: 17624
VERITAS Backup Exec Remote Agent for Windows CONNECT_CLIENT_AUTH Remote Overflow

Source: BID
Type: Exploit, Patch
14022

Source: CCN
Type: BID-14022
Veritas Backup Exec Remote Agent for Windows Servers Authentication Buffer Overflow Vulnerability

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
TA05-180A

Source: CCN
Type: Veritas NetBackup Web page
NetBackup Server

Source: CCN
Type: Internet Security Systems Protection Alert June 30, 2005
Veritas Backup Exec Agent Exploitation

Source: XF
Type: UNKNOWN
backupexec-authentication-bo(21113)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec_veritas:backup_exec:9.0.4019:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4170:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4172:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4174:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4202:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0_rev.4367:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0_rev.4367_sp1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0_rev.4454:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0_rev.4454_sp1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.306:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.307:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1067.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1067.3:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1127.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1151.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1152:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1152.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1154:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1_rev.4691:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1_rev.4691_sp2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:10.0_rev.5484:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:10.0_rev.5484_sp1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:netware:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.307:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.306:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1154:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1152.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1152:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1151.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1127.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1067.3:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.1.1067.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4202:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4174:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4172:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4170:*:*:*:*:*:*:*
  • OR cpe:/a:symantec_veritas:backup_exec:9.0.4019:*:*:*:*:*:*:*
  • AND
  • cpe:/a:novell:netware:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:netware:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:novell:netware:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec_veritas backup exec 9.0.4019
    symantec_veritas backup exec 9.0.4170
    symantec_veritas backup exec 9.0.4172
    symantec_veritas backup exec 9.0.4174
    symantec_veritas backup exec 9.0.4202
    symantec_veritas backup exec 9.0_rev.4367
    symantec_veritas backup exec 9.0_rev.4367_sp1
    symantec_veritas backup exec 9.0_rev.4454
    symantec_veritas backup exec 9.0_rev.4454_sp1
    symantec_veritas backup exec 9.1.306
    symantec_veritas backup exec 9.1.307
    symantec_veritas backup exec 9.1.1067.2
    symantec_veritas backup exec 9.1.1067.3
    symantec_veritas backup exec 9.1.1127.1
    symantec_veritas backup exec 9.1.1151.1
    symantec_veritas backup exec 9.1.1152
    symantec_veritas backup exec 9.1.1152.4
    symantec_veritas backup exec 9.1.1154
    symantec_veritas backup exec 9.1_rev.4691
    symantec_veritas backup exec 9.1_rev.4691_sp2
    symantec_veritas backup exec 10.0_rev.5484
    symantec_veritas backup exec 10.0_rev.5484_sp1
    novell netware 6.5
    symantec_veritas backup exec 9.1.307
    symantec_veritas backup exec 9.1.306
    symantec_veritas backup exec 9.1.1154
    symantec_veritas backup exec 9.1.1152.4
    symantec_veritas backup exec 9.1.1152
    symantec_veritas backup exec 9.1.1151.1
    symantec_veritas backup exec 9.1.1127.1
    symantec_veritas backup exec 9.1.1067.3
    symantec_veritas backup exec 9.1.1067.2
    symantec_veritas backup exec 9.0.4202
    symantec_veritas backup exec 9.0.4174
    symantec_veritas backup exec 9.0.4172
    symantec_veritas backup exec 9.0.4170
    symantec_veritas backup exec 9.0.4019
    novell netware 5.0
    novell netware 5.1
    novell netware 6.0
    microsoft windows 2003 server *