CVE-2005-0771
published 2005-06-23CVE-2005-0771: VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the…
PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
54.16%
98.9th percentile
VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symantec_veritas | backup_exec | — | — |
| symantec_veritas | backup_exec | — | — |
| symantec_veritas | backup_exec | — | — |
| symantec_veritas | backup_exec | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated inbound RPC connections to TCP port 6106 targeting beserver.exe (VERITAS Backup Exec Server), which may indicate exploitation attempts to remotely modify the Windows registry. ↗
- →A Metasploit auxiliary module exists for this vulnerability (auxiliary/admin/backupexec/registry); presence of this module's traffic patterns or registry manipulation via the BackupExec RPC service should be treated as a high-confidence exploitation indicator. ↗
- ·Affected versions are VERITAS Backup Exec Server 9.0 through 10.0 for Windows only; scope detection rules accordingly. ↗
- ·The exploit is based on NDR stub information for the RPC interface; detection logic should account for the specific RPC method calls rather than generic port traffic. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/15789http://securitytracker.com/id?1014273http://seer.support.veritas.com/docs/276605.htmhttp://seer.support.veritas.com/docs/277429.htmhttp://www.idefense.com/application/poi/display?id=269&type=vulnerabilities&flashstatus=truehttp://www.kb.cert.org/vuls/id/584505http://www.us-cert.gov/cas/techalerts/TA05-180A.htmlhttp://secunia.com/advisories/15789http://securitytracker.com/id?1014273http://seer.support.veritas.com/docs/276605.htmhttp://seer.support.veritas.com/docs/277429.htmhttp://www.idefense.com/application/poi/display?id=269&type=vulnerabilities&flashstatus=truehttp://www.kb.cert.org/vuls/id/584505http://www.us-cert.gov/cas/techalerts/TA05-180A.html
2005-06-23
Published