#VU6778 Use-after-free error in Backup Exec - CVE-2017-8895
Published: May 26, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU6778
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-8895
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Backup Exec
Backup Exec
Software vendor:
Veritas Technologies
Veritas Technologies
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling malicious data. A remote attacker can send specially crafted NDMP data over SSL to TCP port 10000, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to use-after-free error when handling malicious data. A remote attacker can send specially crafted NDMP data over SSL to TCP port 10000, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2014 14.1.1187.1126, 15 14.2.1180.3160, 16 FP1 (16.0.1142.1327).