ID CVE-2005-2611
Summary VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4019
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4019
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4170
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4170
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4172
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4172
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4174
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4174
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4202
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.0.4202
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1067_.2
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1067_.2
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1067_.3
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1067_.3
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1127_.1
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1127_.1
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1151_.1
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1151_.1
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1152
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1152
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1152_.4
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1152_.4
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1154
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1154
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1156
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.1156
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.306
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.306
  • cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.307
    cpe:2.3:a:symantec_veritas:backup_exec:netware_servers_9.1.307
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_10.0_rev._5484
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_10.0_rev._5484
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_10.0_rev._5484_sp1
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_10.0_rev._5484_sp1
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_10.0_rev._5520
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_10.0_rev._5520
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_8.6
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_8.6
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4367
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4367
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4367_sp1
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4367_sp1
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4454
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4454
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4454_sp1
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.0_rev._4454_sp1
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.1
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.1
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.1_rev._4691
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.1_rev._4691
  • cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.1_rev._4691_sp2
    cpe:2.3:a:symantec_veritas:backup_exec:windows_servers_9.1_rev._4691_sp2
  • cpe:2.3:a:symantec_veritas:backup_exec_remote_agent:netware_server
    cpe:2.3:a:symantec_veritas:backup_exec_remote_agent:netware_server
  • cpe:2.3:a:symantec_veritas:backup_exec_remote_agent:unix_linux_server
    cpe:2.3:a:symantec_veritas:backup_exec_remote_agent:unix_linux_server
  • cpe:2.3:a:symantec_veritas:backup_exec_remote_agent:windows_server
    cpe:2.3:a:symantec_veritas:backup_exec_remote_agent:windows_server
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp1
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp1
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp2
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp2
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp3
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp3
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp4
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp4
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp5
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp5
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp6
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp6
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp7
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp7
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp8
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_fp8
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp1
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp1
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp2
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp2
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp3
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp3
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp4
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp4
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp5
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp5
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp6
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp6
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp7
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp7
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp8
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_4.5_mp8
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp1
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp1
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp2
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp2
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp3
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp3
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp4
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp4
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp5
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.0_mp5
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1_mp1
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1_mp1
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1_mp2
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1_mp2
  • cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1_mp3
    cpe:2.3:a:symantec_veritas:netbackup:netware_media_servers_5.1_mp3
CVSS
Base: 10.0 (as of 17-08-2005 - 10:02)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Veritas Backup Exec Remote File Access Exploit (windows). CVE-2005-2611. Remote exploit for windows platform
id EDB-ID:1147
last seen 2016-01-31
modified 2005-08-11
published 2005-08-11
reporter N/A
source https://www.exploit-db.com/download/1147/
title Veritas Backup Exec Remote File Access Exploit windows
metasploit via4
description This module abuses a logic flaw in the Backup Exec Windows Agent to download arbitrary files from the system. This flaw was found by someone who wishes to remain anonymous and affects all known versions of the Backup Exec Windows Agent. The output file is in 'MTF' format, which can be extracted by the 'NTKBUp' program listed in the references section. To transfer an entire directory, specify a path that includes a trailing backslash.
id MSF:AUXILIARY/ADMIN/BACKUPEXEC/DUMP
last seen 2019-03-16
modified 2017-07-24
published 2006-12-03
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/backupexec/dump.rb
title Veritas Backup Exec Windows Remote File Access
nessus via4
NASL family Misc.
NASL id VERITAS_AGENT_DEFAULT_ACCOUNT.NASL
description The remote host is running a version of VERITAS Backup Exec Agent which is configured with a default root account. An attacker may exploit this flaw to retrieve files from the remote host.
last seen 2019-02-21
modified 2018-08-06
plugin id 19427
published 2005-08-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19427
title VERITAS Backup Exec Remote Agent Static Password Arbitrary File Download
refmap via4
bid 14551
cert TA05-224A
cert-vn VU#378957
confirm http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html
sectrack 1014662
secunia 16403
vupen ADV-2005-1387
xf backupexec-ndmp-gain-access(21793)
Last major update 07-03-2011 - 21:24
Published 17-08-2005 - 00:00
Last modified 10-07-2017 - 21:32
Back to Top