Symantec Veritas Backup Exec for Windows Server contains multiple heap-based buffer overflow vulnerabilities which can allow a remote, authenticated attacker to cause a denial of service or execute arbitrary code.
VERITAS Backup Exec for Windows Server is a data backup and recovery solution with support for network-based backups. The VERITAS Backup Exec Remote Agent is installed on systems that are to be backed up. It listens on TCP port 10000 for messages indicating that a backup should occur.
The remote agent software fails to properly validate incoming packets, which allows a buffer overflow to occur. Specially crafted RPC messages can be used to trigger the buffer overflow, making it possible for an authenticated attacker to exploit this vulnerability.
By sending a specially crafted RPC message to the target system, a remote, authenticated attacker can cause a heap-based buffer overflow. This may allow the attacker to execute arbitrary code and gain elevated privileges, or to cause a denial of service.
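Since the Remote Agent accepts RPC messages on TCP port 10000, one practical defensive check is to confirm that only the designated backup servers ever reach that port. The following is an added example, not part of the advisory: it scans constructed firewall log lines for accepted connections to port 10000 from hosts outside a hypothetical media-server allowlist.

```python
import re
from ipaddress import ip_address, ip_network

# Port the Backup Exec Remote Agent listens on (stated in the advisory).
REMOTE_AGENT_PORT = 10000

# Hypothetical allowlist of backup (media) servers permitted to reach agents.
ALLOWED_BACKUP_SERVERS = [ip_network("10.0.5.0/24")]

# Constructed sample firewall log lines (syslog-like format; not real data).
SAMPLE_LOGS = """\
2006-08-21T10:01:02Z fw1 ACCEPT TCP 10.0.5.10:49152 -> 10.0.20.15:10000
2006-08-21T10:01:05Z fw1 ACCEPT TCP 192.168.77.3:51000 -> 10.0.20.15:10000
2006-08-21T10:01:09Z fw1 ACCEPT TCP 10.0.5.11:49201 -> 10.0.20.16:10000
2006-08-21T10:02:30Z fw1 ACCEPT TCP 192.168.77.3:51001 -> 10.0.20.16:443
2006-08-21T10:03:00Z fw1 ACCEPT TCP 172.16.9.9:40000 -> 10.0.20.17:10000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<action>\S+)\s+TCP\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_allowed_source(src):
    """True if the source address belongs to an allowlisted backup server."""
    addr = ip_address(src)
    return any(addr in net for net in ALLOWED_BACKUP_SERVERS)


def find_unexpected_agent_connections(log_text):
    """Return (timestamp, src, dst) for accepted connections to the Remote Agent
    port that did not originate from an allowlisted backup server."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        if rec["dport"] == REMOTE_AGENT_PORT and not is_allowed_source(rec["src"]):
            hits.append((rec["ts"], rec["src"], rec["dst"]))
    return hits


if __name__ == "__main__":
    for ts, src, dst in find_unexpected_agent_connections(SAMPLE_LOGS):
        print(f"{ts} unexpected connection to Remote Agent on {dst} from {src}")
```

Any hit is a host that can reach the vulnerable service and should be blocked at the firewall or investigated.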
This vulnerability was reported by Symantec, who in turn credit Nicolas Pouvesle from Tenable Network Security.
This document was written by Joseph Pruszynski.
Date First Published: 2006-08-21
Date Last Updated: 2006-08-21 18:09 UTC