Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
BID:26028
Info
Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
| Bugtraq ID: | 26028 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-4346 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 27 2007 12:00AM |
| Updated: | Dec 18 2007 08:06PM |
| Credit: | JJ Reyes of Secunia Research is credited with the discovery of this vulnerability. |
| Vulnerable: |
Symantec Veritas Backup Exec for Windows Servers 11.0.7170 Symantec Veritas Backup Exec for Windows Servers 11.0.6135 |
| Not Vulnerable: | |
Discussion
Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
Symantec Backup Exec for Windows Servers is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted TCP packets.
Exploiting this issue allows remote attackers to crash the listening service, denying further service to legitimate users.
Symantec Backup Exec for Windows Server 11.0.6235 and 11.0.7170 are vulnerable.
Symantec Backup Exec for Windows Servers is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted TCP packets.
Exploiting this issue allows remote attackers to crash the listening service, denying further service to legitimate users.
Symantec Backup Exec for Windows Server 11.0.6235 and 11.0.7170 are vulnerable.
Exploit / POC
Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Symantec Veritas Backup Exec for Windows Servers 11.0.6135
Symantec Veritas Backup Exec for Windows Servers 11.0.7170
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Symantec Veritas Backup Exec for Windows Servers 11.0.6135
-
Symantec Hotfix for Build 6235
http://support.veritas.com/docs/294241
Symantec Veritas Backup Exec for Windows Servers 11.0.7170
-
Symantec Hotfix for Build 7170
http://support.veritas.com/docs/294237
References
Symantec Backup Exec Job Engine Null Pointer Dereference Denial Of Service Vulnerability
References:
References:
- Symantec Backup Exec Homepage (Symantec )
- Symantec Backup Exec Job Engine Denial of Service Vulnerabilities (Secunia Research)
- Secunia Research: Symantec Backup Exec Job Engine Denial of Service (Secunia Research
- Symantec Security Advisory SYM07-029 (Symantec)