VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability

Summary
This host is running VERITAS Backup Exec Remote Agent for Windows Servers and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow attackers to overflow a buffer and execute arbitrary code on the system.
Impact Level: System/Application
Solution
Upgrade to Veritas Backup Exec Remote Agent 10.0 rev. 5520 for Windows Servers. For updates, refer to http://www.symantec.com/index.jsp
Insight
The flaw is due to insufficient input validation on CONNECT_CLIENT_AUTH requests. A CONNECT_CLIENT_AUTH request sent with authentication method type '3' (indicating Windows user credentials) and an overly long password argument can overflow the buffer and lead to arbitrary code execution.
Affected
Veritas Backup Exec Remote Agent versions 9.0 through 10.0 for Windows Servers