Vulnerability Description
VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec Veritas | Backup Exec | netware_servers_9.0.4019 |
| Symantec Veritas | Backup Exec Remote Agent | netware_server |
| Symantec Veritas | Netbackup | netware_media_servers_4.5 |
References
- http://secunia.com/advisories/16403PatchVendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.htmlPatchVendor Advisory
- http://securitytracker.com/id?1014662ExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/378957PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/14551Exploit
- http://www.us-cert.gov/cas/techalerts/TA05-224A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2005/1387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21793
- http://secunia.com/advisories/16403PatchVendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.htmlPatchVendor Advisory
- http://securitytracker.com/id?1014662ExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/378957PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/14551Exploit
- http://www.us-cert.gov/cas/techalerts/TA05-224A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2005/1387
FAQ
What is CVE-2005-2611?
CVE-2005-2611 is a vulnerability with a CVSS score of 10.0 (HIGH). VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authe...
How severe is CVE-2005-2611?
CVE-2005-2611 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2611?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Veritas Backup Exec, Symantec Veritas Backup Exec Remote Agent, Symantec Veritas Netbackup.