Bugtraq mailing list archives

Buffer overflow vulnerability in VERITAS Software Backup Exec Web Administration Console (BEWAC)

From: "NGSSoftware Insight Security Research" <mark () ngssoftware com>
Date: Thu, 23 Jun 2005 16:42:37 +0100

Mark Litchfield of NGSSoftware has discovered a high risk vulnerability inthein VERITAS Software Backup Exec Web Administration Console (BEWAC) which canallow

for remote code execution.

Affected Products include -
Backup Exec 10.0 for Windows Servers rev. 5484
Backup Exec 9.1 for Windows Servers rev. 4691
Backup Exec 9.0 for Windows Servers rev. 4454
Backup Exec 9.0 for Windows Servers rev. 4367

A Patch can be obtained from -http://seer.support.veritas.com/docs/276606.htm


NGSSoftware are going to withhold details of this flaw for three months.
Full details will be published on the 23rd September 2005. This three month

window will allow users of Veritas Backup Exec Server the time needed toapply the patch

before the details are released to the general public. This reflects
NGSSoftware's approach to responsible disclosure.

NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
+44(0)208 401 0070

Current thread:

Buffer overflow vulnerability in VERITAS Software Backup Exec Web Administration Console (BEWAC) NGSSoftware Insight Security Research (Jun 23)