Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Sun, 27 May 2012 23:13:56 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1587666353&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0412-advisories%2F12.16.04-5.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1587666353.1338160436.1338160436.1338160436.1%3B%2B__utmz%3D32867617.1338160436.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/35380/12.16.04-5.txt http://packetstormsecurity.org/files/35380/12.16.04-5.txt http://packetstormsecurity.org/files/35380/iDEFENSE-Security-Advisory-2004-12-16.5.html Thu, 30 Dec 2004 09:05:22 GMT iDEFENSE Security Advisory 12.16.2004-5 - Remote exploitation of a stack-based buffer overflow vulnerability in Veritas Backup Exec allows attackers to execute arbitrary code. The vulnerability specifically exists within the function responsible for receiving and parsing registration requests. The registration request packet contains the hostname and connecting TCP port of the client which is stored in an array on the stack. An attacker can send a registration request with an overly long hostname value to overflow the array and take control of the saved return address to execute arbitrary code.