CVE-2005-2611

VERITAS Backup Exec - Info Disclosure

Title source: llm

Description

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · remotewindows

https://www.exploit-db.com/exploits/1147

View Code ZIP pw:eip

metasploit WORKING POC

by hdm, Unknown · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/backupexec/dump.rb

View Code ZIP pw:eip

References (8)

[Patch, Vendor Advisory] http://secunia.com/advisories/16403

[Patch, Vendor Advisory] http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html

[Exploit, Patch, Vendor Advisory] http://securitytracker.com/id?1014662

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/378957

[Exploit] http://www.securityfocus.com/bid/14551

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA05-224A.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/21793

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/1387

Scores

EPSS 0.7963

EPSS Percentile 99.1%

Classification

Status draft

Affected Products (50)

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

symantec_veritas/backup_exec

... and 35 more

Timeline

Published Aug 17, 2005

Tracked Since Feb 18, 2026