Summary
This host is running VERITAS Backup Exec Agent Browser and is prone to buffer overflow vulnerability.
Impact
Successful exploitation will allow attackers to overflow a buffer and execute arbitrary code on the system.
Impact Level: System/Application
Solution
Upgrade to Veritas Backup Exec Agent Browser 8.60.3878 Hotfix 68 or 9.1.4691 Hotfix 40 or later,
For updates refer to http://www.symantec.com/index.jsp
Insight
The name server registration service (benetns.exe) fails to validate the client hostname field during the registration process, which leads into stack-based buffer overflow.
Affected
Veritas Backup Exec Agent Browser version 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0318.html
- http://secunia.com/advisories/13495
- http://www.exploit-db.com/exploits/750/
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/pdf/HS05-002.pdf
- http://www.kb.cert.org/vuls/id/907729
- http://www.osvdb.org/show/osvdb/12418
- http://xforce.iss.net/xforce/xfdb/18506
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-1172 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ALLMediaServer Request Handling Stack Buffer Overflow Vulnerability
- Beatport Player '.m3u' File Buffer Overflow Vulnerability
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- Cogent DataHub Unicode Buffer Overflow Vulnerability