Use-after-free error in Backup Exec - CVE-2017-8895
Published: May 26, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU6778
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-8895
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Veritas Technologies
Affected software:
Backup Exec
Backup Exec
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling malicious data. A remote attacker can send specially crafted NDMP data over SSL to TCP port 10000, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to use-after-free error when handling malicious data. A remote attacker can send specially crafted NDMP data over SSL to TCP port 10000, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-8895
Update to version 2014 14.1.1187.1126, 15 14.2.1180.3160, 16 FP1 (16.0.1142.1327).