Symantec Backup Exec for Windows Servers Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1019001
|
|
SecurityTracker URL: http://securitytracker.com/id?1019001
|
|
CVE Reference: CVE-2007-4346
, CVE-2007-4347
(Links to External Site)
|
Date: Nov 27 2007
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Symantec Advisory
|
Version(s): 11d
|
Description: Some vulnerabilities were reported in Symantec Backup Exec for Windows Servers. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to the target Backup Exec for Windows Servers Job Engine service to trigger a null
pointer dereference or an integer overflow. The target service may crash or enter an infinite loop.
JJ Reyes of Secunia Research
reported these vulnerabilities.
|
Impact: A remote user can cause the target service to crash or enter an infinite loop and become unavailable.
|
Solution: The vendor has issued a fix.
For version 11.0.6235:
http://support.veritas.com/docs/294241
For version 11.0.7170:
http://support.veritas.com/docs/294237
The
Symantec advisory is available at:
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html
|
Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html (Links to External Site)
|
Cause: Boundary error, State error
|
Underlying OS: Windows (NT), Windows (2000), Windows (2003), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 27 Nov 2007 14:20:20 -0500
Subject: Symantec Backup Exec for Windows Server: Multiple Denial of Service Issues in Job Engine
|
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html
CVE-2007-4346
CVE-2007-4347
|
|
