critical
10
CWE
NVD-CWE-Other
Advisory Published
Updated

CVE-2005-2611

First published: Wed Aug 17 2005(Updated: )

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Symantec Veritas Backup Exec=netware_server
Veritas NetBackup=netware_media_servers_4.5_mp3
Veritas NetBackup=netware_media_servers_4.5_mp7
Veritas Backup Exec=netware_servers_9.0.4019
Veritas Backup Exec=windows_servers_9.1_rev._4691
Veritas NetBackup=netware_media_servers_4.5_mp4
Veritas NetBackup=netware_media_servers_4.5_fp1
Veritas NetBackup=netware_media_servers_4.5_mp8
Symantec Veritas Backup Exec=windows_server
Veritas NetBackup=netware_media_servers_4.5_fp8
Veritas Backup Exec=windows_servers_9.1
Veritas NetBackup=netware_media_servers_5.1_mp2
Veritas Backup Exec=windows_servers_9.0_rev._4367_sp1
Veritas Backup Exec=netware_servers_9.0.4174
Veritas Backup Exec=windows_servers_9.0_rev._4454
Veritas NetBackup=netware_media_servers_4.5_fp6
Veritas NetBackup=netware_media_servers_4.5_mp5
Veritas NetBackup=netware_media_servers_4.5_fp4
Veritas Backup Exec=netware_servers_9.1.1152
Veritas NetBackup=netware_media_servers_4.5
Veritas Backup Exec=netware_servers_9.1.1156
Veritas NetBackup=netware_media_servers_5.0_mp4
Veritas NetBackup=netware_media_servers_5.0_mp1
Veritas Backup Exec=windows_servers_10.0_rev._5484_sp1
Veritas Backup Exec=windows_servers_9.0
Veritas NetBackup=netware_media_servers_5.1_mp1
Veritas NetBackup=netware_media_servers_4.5_fp3
Veritas NetBackup=netware_media_servers_5.0
Symantec Veritas Backup Exec=unix_linux_server
Veritas Backup Exec=windows_servers_8.6
Veritas Backup Exec=netware_servers_9.1.1151_.1
Veritas Backup Exec=netware_servers_9.1.307
Veritas Backup Exec=netware_servers_9.0.4202
Veritas NetBackup=netware_media_servers_4.5_fp7
Veritas Backup Exec=netware_servers_9.1.1067_.3
Veritas Backup Exec=netware_servers_9.0.4172
Veritas NetBackup=netware_media_servers_5.1_mp3
Veritas Backup Exec=netware_servers_9.1.1127_.1
Veritas NetBackup=netware_media_servers_4.5_fp2
Veritas Backup Exec=netware_servers_9.1.306
Veritas NetBackup=netware_media_servers_4.5_mp2
Veritas NetBackup=netware_media_servers_5.0_mp5
Veritas NetBackup=netware_media_servers_5.0_mp2
Veritas NetBackup=netware_media_servers_4.5_fp5
Veritas NetBackup=netware_media_servers_4.5_mp6
Veritas Backup Exec=windows_servers_9.1_rev._4691_sp2
Veritas Backup Exec=windows_servers_9.0_rev._4367
Veritas NetBackup=netware_media_servers_5.1
Veritas NetBackup=netware_media_servers_4.5_mp1
Veritas Backup Exec=windows_servers_10.0_rev._5484
Veritas Backup Exec=netware_servers_9.0.4170
Veritas NetBackup=netware_media_servers_5.0_mp3
Veritas Backup Exec=netware_servers_9.1.1154
Veritas Backup Exec=windows_servers_9.0_rev._4454_sp1
Veritas Backup Exec=netware_servers_9.1.1067_.2
Veritas Backup Exec=windows_servers_10.0_rev._5520
Veritas Backup Exec=netware_servers_9.1.1152_.4

Remedy

http://secunia.com/advisories/16403

Remedy

http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html

Remedy

http://securitytracker.com/id?1014662

Remedy

http://www.kb.cert.org/vuls/id/378957

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2005-2611?

    CVE-2005-2611 is rated as a critical vulnerability due to its potential to allow unauthorized access to sensitive data.

  • How do I fix CVE-2005-2611?

    To fix CVE-2005-2611, it is recommended to update to a version of the affected software that implements secure password practices.

  • Which software versions are affected by CVE-2005-2611?

    CVE-2005-2611 affects multiple versions of Symantec Veritas Backup Exec and NetBackup for Windows and NetWare.

  • What impact can CVE-2005-2611 have on my system?

    Exploiting CVE-2005-2611 could allow remote attackers to read and write sensitive data, compromising data integrity and confidentiality.

  • Is there a workaround for CVE-2005-2611?

    Currently, the best mitigation for CVE-2005-2611 is to apply the recommended security updates provided by the vendor.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203