Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

guest · Dec 24, 2020

Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location
Vulnerability Note VU#429301
December 23, 2020
https://kb.cert.org/vuls/id/429301

Overview
Veritas Backup Exec contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.
Description
CVE-2019-1552
Veritas Backup Exec includes an OpenSSL component that specifies an OPENSSLDIR variable as /usr/local/ssl/.
Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Click to expand...

Impact
By placing a specially-crafted openssl.cnf in the C:\usr\local\ssl directory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable Veritas software installed.
Solution
Apply an update
This vulnerability is addressed in Backup Exec 21.1 Hotfix 657517 (Engineering version 21.0.1200.1217) and Backup Exec 20.6 Hotfix 298543 (Engineering version 20.0.1188.2734).
Click to expand...

Log in or Sign up

Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

guest Guest

Log in or Sign up

Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

guest Guest

Useful Searches