ID CVE-2005-0771
Summary VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec_veritas:backup_exec:10.0_rev.5484
    cpe:2.3:a:symantec_veritas:backup_exec:10.0_rev.5484
  • cpe:2.3:a:symantec_veritas:backup_exec:9.0_rev.4367
    cpe:2.3:a:symantec_veritas:backup_exec:9.0_rev.4367
  • cpe:2.3:a:symantec_veritas:backup_exec:9.0_rev.4454
    cpe:2.3:a:symantec_veritas:backup_exec:9.0_rev.4454
  • cpe:2.3:a:symantec_veritas:backup_exec:9.1_rev.4691
    cpe:2.3:a:symantec_veritas:backup_exec:9.1_rev.4691
CVSS
Base: 10.0 (as of 02-08-2005 - 10:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
metasploit via4
description This modules exploits a remote registry access flaw in the BackupExec Windows Server RPC service. This vulnerability was discovered by Pedram Amini and is based on the NDR stub information posted to openrce.org. Please see the action list for the different attack modes.
id MSF:AUXILIARY/ADMIN/BACKUPEXEC/REGISTRY
last seen 2019-03-08
modified 2017-08-25
published 2006-12-02
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/backupexec/registry.rb
title Veritas Backup Exec Server Registry Access
nessus via4
NASL family Gain a shell remotely
NASL id VERITAS_REGISTRY.NASL
description The remote host is running a version of VERITAS Backup Exec for Windows that is vulnerable to a remote registry access. An attacker may exploit this flaw to modify the remote registry and gain a full access to the system. To exploit this flaw, an attacker would need to send requests to the RPC service listening on port 6106. The patch for this vulnerability fixes other remote flaws (buffer overflows) that may allow an attacker to execute code on the remote host with SYSTEM privileges.
last seen 2019-02-21
modified 2018-08-06
plugin id 19397
published 2005-08-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19397
title VERITAS Backup Exec Agent Unauthenticated Remote Registry Access
refmap via4
cert TA05-180A
cert-vn VU#584505
confirm
idefense 20050623 Veritas Backup Exec Server Remote Registry Access Vulnerability
sectrack 1014273
secunia 15789
Last major update 07-03-2011 - 21:20
Published 23-06-2005 - 00:00
Back to Top