Veritas Backup Exec Agent Browser 8.x < 8.60.3878 HF 68 / 9.0.x < 9.0.4454 HF 30 / 9.1.x < 9.1.4691 HF 40 RCE
Critical Nessus Plugin ID 16230
Synopsis
The remote host is affected by a remote code execution vulnerability.

Description
The version of Veritas Backup Exec Agent Browser installed on the remote host is 8.x prior to 8.60.3878 hotfix 68, 9.0.x prior to 9.0.4454 hotfix 30, or 9.1.x prior to 9.1.4691 hotfix 40. It is, therefore, affected by a remote code execution vulnerability in the registration service (benetns.exe) due to a failure to validate the client hostname field during the registration process. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code.

Solution
Upgrade to Veritas Backup Exec Agent Browser 8.60.3878 hotfix 68 / 9.0.4454 hotfix 30 / 9.1.4691 hotfix 40 or later.