SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#647796

Symantec Veritas Backup Exec for Windows Server vulnerable to heap-based buffer overflow

Overview

Symantec Veritas Backup Exec for Windows Server contains multiple heap-based buffer overflow vulnerabilities which can allow a remote, authenticated attacker to cause a denial of service or execute arbitrary code.

I. Description

VERITAS Backup Exec for Windows Server is a data backup and recovery solution with support for network-based backups. The VERITAS Backup Exec Remote Agent is installed on systems that are to be backed up. It listens on TCP port 10000 for messages indicating that a backup should occur.

The remote agent software fails to properly validate incoming packets, which allows a buffer overflow to occur. Specially crafted RPC messages can be used to trigger the buffer overflow, making it possible for an authenticated attacker to exploit this vulnerability.

The following products are affected:

  • Backup Exec for Windows Server and Remote Agent 9.1 9.1.4691
  • Backup Exec for Windows Server and Remote Agent 10.0 10.0.5484
  • Backup Exec for Windows Server and Remote Agent 10.0 10.0.5520
  • Backup Exec for Windows Server and Remote Agent 10.1 10.1.5629
  • Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.325.6301
  • Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.326.1401
  • Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.326.2501
  • Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.326.3301
  • Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.327.401
  • Backup Exec for Netware Server Remote Agent for Windows Server 9.1 All
  • Backup Exec for Netware Server Remote Agent for Windows Server 9.2 All

II. Impact

By sending a specially crafted RPC message to the target system, a remote, autenticated attacker can cause a heap-based buffer overflow. This may allow execution of arbitrary code and gain elevated privileges, or cause a denial of service.

III. Solution

Upgrade


Apply the update provided by Symantec. Refer to Synantec Advisory SYM06-014 for more information.

Systems Affected

VendorStatusDate NotifiedDate Updated
Symantec, Inc.Vulnerable18-Aug-2006

References


http://securityresponse.symantecsecurity/Content/2006.08.11.html
http://secunia.com/advisories/21472/
http://www.securityfocus.com/bid/19479
http://xforce.iss.net/xforce/xfdb/28336

Credit

This vulnerability was reported by Symantec, who in turn credit Nicolas Pouvesle from Tenable Network Security.

This document was written by Joseph Pruszynski.

Other Information

Date Public:2006-08-12
Date First Published:2006-08-21
Date Last Updated:2006-08-21
CERT Advisory: 
CVE-ID(s):CVE-2006-4128
NVD-ID(s):CVE-2006-4128
US-CERT Technical Alerts: 
Metric:0.30
Document Revision:26

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader