发布日期：2005-06-28
更新日期：2005-10-10

受影响系统：

Veritas Backup Exec 9.x
Veritas Backup Exec 10.x

描述：

---

CVE(CAN) ID: CVE-2005-0772

VERITAS Backup Exec是新一代备份和恢复解决方案。

VERITAS Backup Exec 9.0-10.0 for Windows Servers允许远程攻击者通过NDMLSRVR.DLL内的特制报文或具有无效"Error Status"值的请求报文触发空指针引用，造成拒绝服务，远程代理崩溃。

<*来源：Sebastian Apelt （webmaster@buzzworld.org）
  
  链接：http://secunia.com/advisories/15789
        http://securitytracker.com/id?1014273
*>

建议：

---

厂商补丁：

Veritas
-------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：


VERITAS Backup Exec 9.0 rev. 4367 for Windows Servers Hotfix 21
http://support.veritas.com/docs/276156

VERITAS Backup Exec 9.0 rev. 4454 for Windows Servers Hotfix 31
http://support.veritas.com/docs/275911

VERITAS Backup Exec 9.1 rev. 4691 for Windows Servers Hotfix 52
http://support.veritas.com/docs/275909

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers Hotfix 24
http://support.veritas.com/docs/275514

VERITAS Backup Exec 9.0.4202 for NetWare Servers Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421

VERITAS Backup Exec 10.0 rev. 5484 for Windows Servers - upgrade to Backup Exec 10.0 rev. 5520 http://support.veritas.com/docs/277181

VERITAS Backup Exec 10.0 rev. 5484 and rev. 5520 for Windows Servers
(Remote Agent for NetWare Servers fix only):
http://support.veritas.com/docs/277478

VERITAS Backup Exec 9.0.4202 for NetWare Hotfix 1
http://support.veritas.com/docs/277423

VERITAS Backup Exec 9.1.xxxx for NetWare Servers upgrade to Backup Exec 9.1.1156
http://support.veritas.com/docs/277421

浏览次数：1895
严重程度：0（网友投票）