PT-2005-3501 · Veritas · Veritas Backup Exec For Windows Servers+2
Published: 2005-08-17 · Updated: 2017-07-11
CVE-2005-2611
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VERITAS Backup Exec for Windows Servers versions 8.6 through 10.0
VERITAS Backup Exec for NetWare Servers versions 9.0 and 9.1
VERITAS NetBackup for NetWare Media Server Option versions 4.5 through 5.1
Description
The issue allows remote attackers to read and write arbitrary files with the backup server due to the use of a static password during authentication from the NDMP agent to the server.
Recommendations
For VERITAS Backup Exec for Windows Servers versions 8.6 through 10.0, consider disabling the NDMP agent authentication until a patch is available.
For VERITAS Backup Exec for NetWare Servers versions 9.0 and 9.1, restrict access to the backup server to minimize the risk of exploitation.
For VERITAS NetBackup for NetWare Media Server Option versions 4.5 through 5.1, avoid using the static password for authentication until the issue is resolved.
Affected Products
Veritas Backup Exec For Netware Servers
Veritas Backup Exec For Windows Servers
Veritas Netbackup For Netware Media Server Option