APP: Veritas File Dump
This signature detects the exploitation of the File Dump vulnerability in the Veritas backup packages. This vulnerability allows information leakage, which could be used to assist other attacks.
Extended Description
Veritas Backup Exec for Windows Servers, Veritas Backup Exec for NetWare Servers, NetBackup for NetWare Media Server Option, and Remote Agents for Windows, Unix/Linux, and NetWare servers are prone to a vulnerability regarding the unauthorized downloading of arbitrary files. A remote attacker can exploit this vulnerability to download arbitrary files, aiding them in further attack. A Metasploit Framework exploit is available and there are reports of this vulnerability currently being exploited in the wild.
Affected Products
Veritas_software backup_exec_for_windows_servers
References
BugTraq: 14551
CVE: CVE-2005-2611
URL: http://www.frsirt.com/exploits/20050811.backupexec_dump.pm.php
Short Name
APP:VERITAS:VERITAS-FILE-DUMP
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2005-2611 Dump File Veritas bid:14551
Release Date
08/31/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
False Positive
Unknown
Vendors
Veritas_software
CVSS Score
10.0