---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Symantec Backup Exec Job Engine Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA26975 VERIFY ADVISORY: http://secunia.com/advisories/26975/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Symantec Backup Exec for Windows Servers 11.x http://secunia.com/product/14564/ DESCRIPTION: Secunia Research has discovered some vulnerabilities in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A NULL-pointer dereference error in the Backup Exec Job Engine service (bengine.exe) when handling exceptions can be exploited to crash the service by sending a specially crafted packet to default port 5633/TCP. 2) Two integer overflow errors within the Backup Exec Job Engine service can be exploited to e.g. cause the service to enter an infinite loop and exhaust all available memory or consume large amounts of CPU resource by sending a specially crafted packet to default port 5633/TCP. The vulnerabilities are confirmed in Symantec Backup Exec for Windows Servers version 11d build 11.0.7170 and also affect version 11d build 11.0.6.6235. SOLUTION: Apply hotfixes. Build 11.0.6235: http://support.veritas.com/docs/294241 Build 11.0.7170: http://support.veritas.com/docs/294237 PROVIDED AND/OR DISCOVERED BY: JJ Reyes, Secunia Research. ORIGINAL ADVISORY: SYM07-029 http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html Secunia Research: http://secunia.com/secunia_research/2007-74/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------