Secunia

Some vulnerabilities have been reported in VERITAS Backup Exec, which can be exploited by malicious users to cause a DoS and potentially to compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service).

1) Some errors exist within the Backup Exec Remote Agent when handling certain received malformed packets. This can be exploited to cause memory access violations or exhaust system resources, thus causing the service to crash or stop responding until it is restarted.

Successful exploitation causes DoS of the backup functionality.

The vulnerabilities have been reported in the following products:
* Backup Exec 9.2 for NetWare Servers - All Agents (Netware, Windows, & Linux/Unix).
* Backup Exec 9.1 for NetWare Servers - All Agents (NetWare, Windows, & Linux/Unix).
* Backup Exec 10d (10.1) for Windows Servers rev. 5629 - All Remote Agents (RAWS, RANW, & RALUS)
* Backup Exec 10.0 for Windows Servers rev. 5520 - All Remote Agents (RAWS, RANW, & RALUS)
* Backup Exec 10.0 for Windows Servers rev. 5484 - All Remote Agents (RAWS, RANW, & RALUS)
* Backup Exec 9.1 for Windows Servers rev. 4691 - Remote Agent for Windows Servers (RAWS)
* Backup Exec Continuous Protection Server (CPS) - Remote Agent for Windows Server versions 10.1.325.6301, 10.1.326.1401, and 10.1.326.2501.

2) A format string error exists within the job logging functionality of Backup Exec for Windows. This can be exploited to cause a DoS and may allow arbitrary code execution when a file with specially-crafted filename is backed up.

Successful exploitation requires that job logging is configured with "full details" enabled (non-default), and that a malicious user is able to create a file with specially-crafted filename on a system that is backed up.

The vulnerability has been reported in the following products:
* Backup Exec 10d (10.1) for Windows Servers rev. 5629
* Backup Exec 10.0 for Windows Servers rev. 5520
* Backup Exec 10.0 for Windows Servers rev. 5484
* Backup Exec 9.1 for Windows Servers rev. 4691

Solution
Apply updates.
Further details available in Customer Area

Provided and/or discovered by
Reported by vendor.

Changelog
Further details available in Customer Area

Original Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.17a.html
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.17b.html
http://seer.support.veritas.com/docs/282279.htm
http://seer.support.veritas.com/docs/282254.htm
http://seer.support.veritas.com/docs/282255.htm

Deep Links
Links available in Customer Area