Description: A vulnerability has been reported in Symantec Backup Exec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the handling of input sent to an RPC interface. This can be exploited to cause a heap-based buffer overflow by sending specially crafted requests using the "ncacn_ip_tcp" protocol to default port 6106/TCP.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following versions:
* Backup Exec for Windows Servers version 10.0 build 10.0.5484
* Backup Exec for Windows Servers version 10.0 build 10.0.5520
* Backup Exec for Windows Servers version 10d build 10.1.5629
* Backup Exec for Windows Servers version 11d build 11.0.6235
* Backup Exec for Windows Servers version 11d build 11.0.7170
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.