|
VERITAS Backup Exec Denial of Service and Format String Vulnerabilities
|
|
Secunia Advisory:
|
SA19242
|
|
|
Release Date:
|
2006-03-20
|
|
Last Update:
|
2006-06-06
|
|
Popularity:
|
9,867 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | VERITAS Backup Exec 10.x
VERITAS Backup Exec 9.x
VERITAS Backup Exec Remote Agent 10.x for Windows Servers
VERITAS Backup Exec Remote Agent 9.x for Windows Servers
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some vulnerabilities have been reported in VERITAS Backup Exec, which can be exploited by malicious users to cause a DoS and potentially to compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service).
1) Some errors exist within the Backup Exec Remote Agent when handling certain received malformed packets. This can be exploited to cause memory access violations or exhaust system resources, thus causing the service to crash or stop responding until it is restarted.
Successful exploitation causes DoS of the backup functionality.
The vulnerabilities have been reported in the following products:
* Backup Exec 9.2 for NetWare Servers - All Agents (Netware, Windows, & Linux/Unix).
* Backup Exec 9.1 for NetWare Servers - All Agents (NetWare, Windows, & Linux/Unix).
* Backup Exec 10d (10.1) for Windows Servers rev. 5629 - All Remote Agents (RAWS, RANW, & RALUS)
* Backup Exec 10.0 for Windows Servers rev. 5520 - All Remote Agents (RAWS, RANW, & RALUS)
* Backup Exec 10.0 for Windows Servers rev. 5484 - All Remote Agents (RAWS, RANW, & RALUS)
* Backup Exec 9.1 for Windows Servers rev. 4691 - Remote Agent for Windows Servers (RAWS)
* Backup Exec Continuous Protection Server (CPS) - Remote Agent for Windows Server versions 10.1.325.6301, 10.1.326.1401, and 10.1.326.2501.
2) A format string error exists within the job logging functionality of Backup Exec for Windows. This can be exploited to cause a DoS and may allow arbitrary code execution when a file with specially-crafted filename is backed up.
Successful exploitation requires that job logging is configured with "full details" enabled (non-default), and that a malicious user is able to create a file with specially-crafted filename on a system that is backed up.
The vulnerability has been reported in the following products:
* Backup Exec 10d (10.1) for Windows Servers rev. 5629
* Backup Exec 10.0 for Windows Servers rev. 5520
* Backup Exec 10.0 for Windows Servers rev. 5484
* Backup Exec 9.1 for Windows Servers rev. 4691
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
13th Nov, 2009
|
New advisories:
|
21 |
|
New vulnerabilities:
|
154 |
|
Updated advisories:
|
29 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
