PT-2005-1801 · Veritas · Veritas Backup Exec

Published: 2005-06-26 · Updated: 2023-12-28 · CVE-2005-0772

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

VERITAS Backup Exec versions 9.0 through 10.0 for Windows Servers
VERITAS Backup Exec versions 9.0.4019 through 9.1.307 for Netware

Description

The issue allows remote attackers to cause a denial of service by crashing the Remote Agent. The crash can be triggered by a crafted packet processed by NDMLSRVR.DLL, or by a request packet with an invalid Error Status value, which causes a null dereference.

Recommendations

For VERITAS Backup Exec versions 9.0 through 10.0 for Windows Servers, consider disabling NDMLSRVR.DLL until a patch is available to prevent exploitation. For VERITAS Backup Exec versions 9.0.4019 through 9.1.307 for Netware, restrict the use of request packets with invalid Error Status values to minimize the risk of a Remote Agent crash. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2005-0772

Affected Products

Veritas Backup Exec