Vulnerability Note VU#213697

Symantec Backup Exec contains heap overflow in RPC interface

Original Release date: 11 Jul 2007 | Last revised: 11 Jul 2007

Overview

Symantec Backup Exec for Windows Servers contains a vulnerability that may allow a remote attacker to cause a denial of service or potentially execute arbitrary code on an affected system.

Description

Symantec Backup Exec for Windows Servers is a client/server based backup software solution. A heap buffer overflow vulnerability exists in the way one of the Remote Procedure Call (RPC) interfaces provided by this software handles requests using the ncacn_ip_tcp protocol. A remote attacker with the ability to connect to the affected service and supply a specially crafted packet could exploit this vulnerability.

Impact

A remote unauthenticated attacker may be able to cause the affected service to crash, resulting in a denial of service. Symantec reports that the attacker may also potentially be able to execute arbitrary code on the affected system.

Solution

Apply an update from the vendor

Symantec has published Symantec Security Advisory SYM07-015 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Workarounds

You may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by the affected component (6106/tcp). This will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Symantec, Inc.Affected-11 Jul 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

iDefense reported this vulnerability in iDefense PUBLIC ADVISORY: 07.11.07. They credit an anonymous researcher with reporting this vulnerability to them.

This document was written by Chad R Dougherty based on information supplied by Symantec and iDefense.

Other Information

  • CVE IDs: CVE-2007-3509
  • Date Public: 11 Jul 2007
  • Date First Published: 11 Jul 2007
  • Date Last Updated: 11 Jul 2007
  • Severity Metric: 6.30
  • Document Revision: 4

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.