{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Veritas Backup Exec for Windows Servers 10.0 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas Backup Exec for Windows Servers 9.1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas NetBackup for NetWare Media Server Option 5.0 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Veritas Backup Exec for NetWare Servers 9.0 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas Backup Exec for NetWare Servers 9.1 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas NetBackup for NetWare Media Server Option 5.1.","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas Backup Exec Remote Agent for NetWare Servers ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas NetBackup for NetWare Media Server Option 4.5 FP ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas Backup Exec for Windows Servers 8.6 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas Backup Exec for Windows Servers 9.0 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas NetBackup for NetWare Media Server Option 4.5 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas Backup Exec Remote Agent for Unix or Linux Servers ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Veritas Backup Exec Remote Agent for Windows Servers ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9, li\u00e9e \u00e0 l'utilisation d'un mot de passe statique lors\ndu processus d'authentification entre les agents et les serveurs des\nproduits Veritas, a \u00e9t\u00e9 d\u00e9couverte. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\nexploit\u00e9e par un utilisateur mal intentionn\u00e9 afin d'obtenir un acc\u00e8s\ndistant et de t\u00e9l\u00e9charger des fichiers vers ou depuis le serveur de\nsauvegarde.\n\n## Contournement provisoire\n\nFiltrer le port 10000/tcp.\n\n## Solution\n\nAppliquer le correctif de Symantec tel qu'indiqu\u00e9 dans le bulletin de\ns\u00e9curit\u00e9 SYM05-011 (voir Documentation).\n","cves":[],"links":[{"title":"Correctifs pour Veritas Backup Exec for Windows Servers :","url":"http://support.veritas.com/docs/278434"},{"title":"Correctifs pour Veritas Backup Exec for NetWare Servers :","url":"http://support.veritas.com/docs/278431"},{"title":"Correctifs pour Veritas NetBackup for NetWare Media Server    Option :","url":"http://support.veritas.com/docs/278430"}],"reference":"CERTA-2005-AVI-313","revisions":[{"description":"version initiale.","revision_date":"2005-08-16T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 dans Veritas Backup Exec et dans Veritas NetBackup","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 de Symantec SYM05-011 du 12 ao\u00fbt 2005","url":"http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html"}]}