January 2005
Veritas Backup Exec Browser Registration Request Buffer Overflow Vulnerability - UPDATE to UNIRAS 718/04
ID: 00036
Ref: 32/05
Date: 17 January 2005:16:27:54
Version: 1
Title: Veritas Backup Exec Browser Registration Request Buffer Overflow Vulnerability - UPDATE to UNIRAS 718/04
Abstract: Exploitation of vulnerability.
Vendors affected: Veritas
Applications affected: Veritas
UNIRAS Briefing 718/04 refers.
http://www.uniras.gov.uk/niscc/docs/br-20041217-00920.html?lang=en
UNIRAS has been advised that exploit code to take advantage of the vulnerability
has been posted to various public mailing lists and several web sites. Reports also
indicate that there is an increase in scanning activity targeting TCP port 6106.
Port 6106 is used by Backup Exec and understood to be targeted by the exploit code.
Veritas also advise that some versions of Backup Exec use TCP port 10000.
UNIRAS recommends that users apply the countermeasures recommended by Veritas.
Additionally, users should consider implementing border filtering on ports 6106 and/or 10000.
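
The following is an added example, not part of the UNIRAS briefing or Veritas guidance. It checks border firewall logs for external sources probing TCP ports 6106 and 10000, which is a way to see the reported scanning and confirm the border filter is being hit. The log lines (abbreviated Linux netfilter LOG format), the "BORDER" prefix, the addresses and the internal range are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the briefing: 6106 (targeted by the exploit code) and
# 10000 (used by some Backup Exec versions).
WATCHED_PORTS = {6106, 10000}
# Assumption: the protected site uses this internal range.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log; external addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 17 16:01:02 gw kernel: BORDER IN=eth0 SRC=203.0.113.7 DST=10.1.1.10 PROTO=TCP SPT=40112 DPT=6106 SYN
Jan 17 16:01:02 gw kernel: BORDER IN=eth0 SRC=203.0.113.7 DST=10.1.1.11 PROTO=TCP SPT=40113 DPT=6106 SYN
Jan 17 16:01:03 gw kernel: BORDER IN=eth0 SRC=203.0.113.7 DST=10.1.1.12 PROTO=TCP SPT=40114 DPT=10000 SYN
Jan 17 16:02:10 gw kernel: BORDER IN=eth0 SRC=198.51.100.23 DST=10.1.1.10 PROTO=TCP SPT=51200 DPT=6106 SYN
Jan 17 16:02:11 gw kernel: BORDER IN=eth0 SRC=198.51.100.23 DST=10.1.1.11 PROTO=UDP SPT=51201 DPT=10000
Jan 17 16:03:00 gw kernel: BORDER IN=eth1 SRC=10.1.1.50 DST=10.1.1.10 PROTO=TCP SPT=1055 DPT=6106 SYN
Jan 17 16:03:05 gw kernel: BORDER IN=eth0 SRC=203.0.113.7 DST=10.1.1.10 PROTO=TCP SPT=40115 DPT=443 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def external_probes(log_text):
    """Map each external source to the set of (internal host, port) it tried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP":
            continue
        try:
            port = int(f["DPT"])
            inbound = not is_internal(f["SRC"]) and is_internal(f["DST"])
        except (KeyError, ValueError):
            continue  # skip truncated or malformed entries
        if inbound and port in WATCHED_PORTS:
            hits[f["SRC"]].add((f["DST"], port))
    return dict(hits)

def likely_scanners(hits, min_hosts=3):
    """Sources that tried the watched ports on at least min_hosts internal hosts."""
    return sorted(src for src, seen in hits.items()
                  if len({dst for dst, _ in seen}) >= min_hosts)

if __name__ == "__main__":
    print(likely_scanners(external_probes(SAMPLE_LOG)))
```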