ID CVE-2002-1117
Summary Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec_veritas:backup_exec:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2016-02-19T10:00:00.000-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
description Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
family windows
id oval:org.mitre.oval:def:1036
status accepted
submitted 2004-06-15T12:00:00.000-04:00
title Veritas Backup Exec RestrictAnonymous Forced Misconfiguration Vulnerability
version 3
refmap via4
bugtraq
  • 20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
  • 20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
confirm http://seer.support.veritas.com/docs/238618.htm
osvdb 8230
xf veritas-backupexec-restrictanonymous-zero(10093)
Last major update 10-10-2017 - 01:30
Published 04-10-2002 - 04:00
Last modified 10-10-2017 - 01:30
Back to Top