CERTVU:647796Symantec Veritas Backup Exec for Windows Server vulnerable to heap-based buffer overflow
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.079 Low
EPSS
Percentile
94.2%
Overview
Symantec Veritas Backup Exec for Windows Server contains multiple heap-based buffer overflow vulnerabilities which can allow a remote, authenticated attacker to cause a denial of service or execute arbitrary code.
Description
VERITAS Backup Exec for Windows Server is a data backup and recovery solution with support for network-based backups. The VERITAS Backup Exec Remote Agent is installed on systems that are to be backed up. It listens on TCP port 10000 for messages indicating that a backup should occur.
The remote agent software fails to properly validate incoming packets, which allows a buffer overflow to occur. Specially crafted RPC messages can be used to trigger the buffer overflow, making it possible for an authenticated attacker to exploit this vulnerability.
The following products are affected:
* Backup Exec for Windows Server and Remote Agent 9.1 9.1.4691
* Backup Exec for Windows Server and Remote Agent 10.0 10.0.5484
* Backup Exec for Windows Server and Remote Agent 10.0 10.0.5520
* Backup Exec for Windows Server and Remote Agent 10.1 10.1.5629
* Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.325.6301
* Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.326.1401
* Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.326.2501
* Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.326.3301
* Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 10.1.327.401
* Backup Exec for Netware Server Remote Agent for Windows Server 9.1 All
* Backup Exec for Netware Server Remote Agent for Windows Server 9.2 All
Impact
By sending a specially crafted RPC message to the target system, a remote, autenticated attacker can cause a heap-based buffer overflow. This may allow execution of arbitrary code and gain elevated privileges, or cause a denial of service.
Solution
Upgrade
Apply the update provided by Symantec. Refer to Synantec Advisory SYM06-014 for more information.
Vendor Information
647796
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Symantec, Inc. __ Affected
Notified: August 18, 2006 Updated: August 18, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Upgrade
Apply the update provided by Symantec. Refer to Synantec Advisory SYM06-014 for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23647796 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://securityresponse.symantecsecurity/Content/2006.08.11.html>
- <http://secunia.com/advisories/21472/>
- <http://www.securityfocus.com/bid/19479>
- <http://xforce.iss.net/xforce/xfdb/28336>
Acknowledgements
This vulnerability was reported by Symantec, who in turn credit Nicolas Pouvesle from Tenable Network Security.
This document was written by Joseph Pruszynski.
Other Information
| CVE IDs: | CVE-2006-4128 |
|---|---|
| Severity Metric: | 0.30 Date Public: |
Related
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.079 Low
EPSS
Percentile
94.2%