Veritas Backup Exec Media Server BEngine Service Job Log Remote Format String Vulnerability
BID:17096
Info
| Bugtraq ID: | 17096 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1298 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2006 12:00AM |
| Updated: | Feb 20 2007 04:06PM |
| Credit: | The vendor disclosed this issue. |

Vulnerable:
- Veritas Software Backup Exec for Windows Servers 9.1 rev. 4691 SP2
- Veritas Software Backup Exec for Windows Servers 9.1 rev. 4691
- Veritas Software Backup Exec for Windows Servers 9.1
- Symantec Veritas Backup Exec for Windows Servers 10.1
- Symantec Veritas Backup Exec for Windows Servers 10.0

Not Vulnerable:
- Veritas Software NetBackup for NetWare Media Servers 5.1 MP3
- Veritas Software NetBackup for NetWare Media Servers 5.1 MP2
- Veritas Software NetBackup for NetWare Media Servers 5.1 MP1
- Veritas Software NetBackup for NetWare Media Servers 5.1
- Veritas Software NetBackup for NetWare Media Servers 5.0 MP5
- Veritas Software NetBackup for NetWare Media Servers 5.0 MP4
- Veritas Software NetBackup for NetWare Media Servers 5.0 MP3
- Veritas Software NetBackup for NetWare Media Servers 5.0 MP2
- Veritas Software NetBackup for NetWare Media Servers 5.0 MP1
- Veritas Software NetBackup for NetWare Media Servers 5.0
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP8
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP7
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP6
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP5
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP4
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP3
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP2
- Veritas Software NetBackup for NetWare Media Servers 4.5 MP1
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP8
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP7
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP6
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP5
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP4
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP3
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP2
- Veritas Software NetBackup for NetWare Media Servers 4.5 FP1
- Veritas Software NetBackup for NetWare Media Servers 4.5
- Veritas Software Backup Exec for NetWare Servers 9.1.1156
- Veritas Software Backup Exec for NetWare Servers 9.1.1154
- Veritas Software Backup Exec for NetWare Servers 9.1.1152 .4
- Veritas Software Backup Exec for NetWare Servers 9.1.1152
- Veritas Software Backup Exec for NetWare Servers 9.1.1151 .1
- Veritas Software Backup Exec for NetWare Servers 9.1.1127 .1
- Veritas Software Backup Exec for NetWare Servers 9.1.1067 .3
- Veritas Software Backup Exec for NetWare Servers 9.1.1067 .2
- Veritas Software Backup Exec for NetWare Servers 9.1.307
- Veritas Software Backup Exec for NetWare Servers 9.1.306
Discussion
Veritas Backup Exec Media Server is susceptible to a remote format-string vulnerability. This issue occurs because the application fails to properly sanitize user-supplied input before using it as the format-specifier argument of a formatted-printing function.
This issue is exploitable only when the job log is configured to run in 'Full Details' mode. This is not the default configuration mode, nor is it recommended in a production environment due to the excessive amount of disk space required for the log.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploitation attempts likely result in a denial-of-service condition.
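The flaw class described above, shown as an added example that is not Symantec's code and not part of the original advisory: a hypothetical printf-style job-log helper with the flawed call (untrusted text used as the format argument) beside the corrected call that passes it as data. The names job_log, log_detail_flawed, log_detail_fixed and arg_conversions are assumptions, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style job-log helper (assumed name, not vendor code).
 * Annotating it with __attribute__((format(printf, 3, 4))) lets GCC/Clang
 * -Wformat-security flag the flawed call below at compile time. */
int job_log(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed: remote text is the format argument, so '%' sequences in it are
 * interpreted as conversion specifications instead of being logged. */
int log_detail_flawed(char *out, size_t n, const char *remote) {
    return job_log(out, n, remote);
}

/* Fixed: constant format string; remote text is only ever data. */
int log_detail_fixed(char *out, size_t n, const char *remote) {
    return job_log(out, n, "%s", remote);
}

/* Triage helper: count conversion specifications in a logged field.
 * "%%" is a literal percent sign and is not counted. */
int arg_conversions(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;             /* skip the escaped percent */
        else if (s[1] != '\0') count++;
    }
    return count;
}

int main(void) {
    const char *remote = "volume 100%% full";  /* constructed sample input */
    char a[64], b[64];
    log_detail_flawed(a, sizeof a, remote);
    log_detail_fixed(b, sizeof b, remote);
    printf("flawed: %s\nfixed:  %s\nconversions: %d\n",
           a, b, arg_conversions(remote));
    return 0;
}
```

The flawed call rewrites the field before it reaches the log, while the fixed call records it byte for byte, which is the property a log writer needs for untrusted input.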
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
Symantec has released an advisory along with fixes to address this issue. Please see the referenced advisory for more information.
Symantec Veritas Backup Exec for Windows Servers 10.1
- Symantec be5629RHF20_282256.exe
  http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=be5629RHF20_282256.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=282256

Symantec Veritas Backup Exec for Windows Servers 10.0
- Symantec be5484RHF33_282259.exe
  http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=be5484RHF33_282259.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=282259
- Symantec be5520RHF26_282258.exe
  http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=be5520RHF26_282258.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=282258

Veritas Software Backup Exec for Windows Servers 9.1
- Symantec be4691RHF56_282260.exe
  http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=be4691RHF56_282260.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=282260

Veritas Software Backup Exec for Windows Servers 9.1 rev. 4691 SP2
- Symantec be4691RHF56_282260.exe
  http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=be4691RHF56_282260.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=282260

Veritas Software Backup Exec for Windows Servers 9.1 rev. 4691