Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
https://packetstormsecurity.com/files/143192/ssl_uaf.rb.txt
https://packetstormsecurity.com/files/143192/ssl_uaf.rb.txthttps://packetstormsecurity.com/files/143192/Veritas-Symantec-Backup-Exec-SSL-NDMP-Connection-Use-After-Free.htmlThu, 29 Jun 2017 14:26:50 GMTThis Metasploit module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session is reused, even though it has previously been freed. This Metasploit module supports 3 specific versions of the Backup Exec agent in the 14, 15 and 16 series on 64-bit and 32-bit versions of Windows and has been tested from Vista to Windows 10.