Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free

Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free

This Metasploit module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec’s Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection’s previous SSL session is reused, even though it has previously been freed. This […]

The post Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free appeared first on MondoUnix.