VERITAS Backup Exec Agent Browser hostname buffer overflow

Added: 04/07/2006
CVE: CVE-2004-1172
BID: 11974
OSVDB: 12418

Background

VERITAS Backup Exec for Windows is a data backup and recovery solution.

Problem

A buffer overflow in the VERITAS Backup Exec Agent Browser allows a remote attacker to execute commands by sending a long, specially crafted hostname in a registration request.

Resolution

Apply the hotfix referenced in VERITAS support document 273419.

References

http://www.kb.cert.org/vuls/id/907729
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=169

Limitations

Exploit works on VERITAS Backup Exec 9.1.

Platforms

Windows

Back to exploit index