发布日期：2005-06-23
更新日期：2011-03-08

受影响系统：

Symantec VERITAS Backup Exec 9.x
Symantec VERITAS Backup Exec 10.x

描述：

---

CVE(CAN) ID: CVE-2005-0771

Veritas Backup Exec是数据保护和系统恢复解决方案。

VERITAS Backup Exec Server (beserver.exe) 9.0 - 10.0 for Windows版本可使未经身份验证的远程攻击者修改注册表。攻击者通过向TCP端口6106上的RPC接口调用方法利用此漏洞。

<*来源：anonymous
  
  链接：http://securitytracker.com/id?1014273
        http://secunia.com/advisories/15789
*>

建议：

---

厂商补丁：

Symantec
--------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers Hotfix 21
http://support.veritas.com/docs/276156

VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers Hotfix 31
http://support.veritas.com/docs/275911

VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Hotfix 52
http://support.veritas.com/docs/275909

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers Hotfix 24
http://support.veritas.com/docs/275514

VERITAS Backup Exec 9.0.4202 for NetWare Servers Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers - upgrade to Backup Exec 10.0 rev. 5520 http://support.veritas.com/docs/277181

VERITAS Backup Exec 10.0 rev. 5484 and rev. 5520 for Windows Servers
(Remote Agent for NetWare Servers fix only):
http://support.veritas.com/docs/277478

VERITAS Backup Exec 9.0.4202 for NetWare Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421

浏览次数：1599
严重程度：0（网友投票）