Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: iDEFENSE Security Advisory 12.16.04: VeritasBackup Exec AgentBrowser Registration Request Buffer Overflow Vulnerability
From: "Geo." <geoincidents () nls net>
Date: Thu, 23 Dec 2004 12:17:22 -0500

Successful exploitation does not require authentication thereby allowing
any remote attacker to execute arbitrary code under the privileges of
the Backup Exec Agent Browser (benetns.exe) process which is usually a
domain administrative account.

This is a huge hole, don't backup vendors yet understand that a backup
agent, a piece of code with access to everything on the machine requires not
just security but EXTRA security? At a minimum a backup agent should
automatically be limiting access to it's port to the IP of the backup server
and just dropping any traffic from other IPs.

Anyone have an idea how popular software like a backup agent is in the
corporate world? Is this something you would pretty much find on all
desktops or are desktops not backed up so this would be pretty much limited
to servers? Even if it were just servers I would think it's more popular
than say SQLserver no? (worm bait?)

What are ISP's using to backup webserver farms?

If anyone has comment but doesn't feel it's appropriate to comment on list,
feel free to email me offlist. I've been in a discussion about this very
topic over on news://news.barkto.com/homeless.nthelp and would appreciate
information I can take to the discussion there.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]