Description: A vulnerability has been reported in Backup Exec, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused by boundary errors in the RPC interfaces of the Backup Exec Remote Agent, which can be exploited to cause heap-based buffer overflows.
Successful exploitation crashes the service and may allow execution of arbitrary code.
Solution: Update to a fixed version (see vendor advisory for details).
Provided and/or discovered by: The vendor credits Nicolas Pouvesle, Tenable Network Security.
Changelog: 2006-08-14: Added link to new vendor advisory. Added version 10.x as affected.
2006-08-18: Added CVE reference.
2006-08-22: Added link to US-CERT.