Intrusion Prevention

Symantec.Veritas.Backup.Exec.RPC.Heap.Buffer.Overflow

Description

This indicates an attack attempt against a vulnerability in Symantec Veritas Backup Exec for Windows Server.
The vulnerability is caused by a heap-based buffer overflow which can occur when the vulnerable software handles input sent to an RPC interface. By sending a crafted ncacn_ip_tcp request to TCP port 6106, remote attackers may be able to cause a denial of service or execute arbitrary code.

Affected Products

Symantec Veritas Backup Exec for Windows Servers 11d
Symantec Veritas Backup Exec for Windows Servers 10d
Symantec Veritas Backup Exec for Windows Servers 10.0

Impact

System compromise
Remote code execution

Recommended Actions

Apply the appropriate patch, available from the vendor's site.
Symantec Veritas Backup Exec for Windows Servers 11d
Symantec be6235RHF24_32bit_289292.exe
Backup Exec 11d for Windows Servers revision 6235 32bit Media Server
http://seer.entsupport.symantec.com/docs/289292.htm
Symantec be6235RHF24_x64bit_289293.exe
Backup Exec 11d for Windows Servers revision 6235 x64bit Media Server
http://seer.entsupport.symantec.com/docs/289293.htm
Symantec be7170RHF9_32bit_289294.exe
Backup Exec 11d for Windows Servers revision 7170 32bit Media Server
http://seer.entsupport.symantec.com/docs/289294.htm
Symantec be7170RHF9_x64bit_289295.exe
Backup Exec 11d for Windows Servers revision 7170 x64bit Media Server
http://seer.entsupport.symantec.com/docs/289295.htm
Symantec Veritas Backup Exec for Windows Servers 10d
Symantec be5629RHF49_289291.exe
Backup Exec 10d for Windows Servers revision 5629
http://seer.entsupport.symantec.com/docs/289291.htm
Symantec Veritas Backup Exec for Windows Servers 10.0
Symantec BE5484RHF40_289289.exe
Backup Exec 10.0 for Windows Servers revision 5484
http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&f ile=BE5484RHF40_289289.exe&source=1&url=/pub/support/products/Backup_E xec_for_WindowsNT/&id=289289
Symantec BE5520RHF37_289290.exe
Backup Exec 10.0 for Windows Servers revision 5520
http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&f ile=BE5520RHF37_289290.exe&source=1&url=/pub/support/products/Backup_E xec_for_WindowsNT/&id=289290

CVE References

CVE-2007-3509