TITLE:
Symantec Backup Exec for Windows Servers Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA32810

VERIFY ADVISORY:
http://secunia.com/advisories/32810/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, DoS, System access

WHERE:
From local network

SOFTWARE:
Symantec Backup Exec for Windows Servers 11.x
http://secunia.com/advisories/product/14564/
Symantec Backup Exec for Windows Servers 12.x
http://secunia.com/advisories/product/17844/

DESCRIPTION:
Some vulnerabilities have been reported in Symantec Backup Exec for
Windows Servers, which can be exploited by malicious people to bypass
certain security restrictions and by malicious users to cause a DoS
(Denial of Service) or potentially compromise a vulnerable system.

1) Multiple errors in several authentication methods used by a Backup
Exec Remote Agent can be exploited to gain unauthorized access to the
application and e.g. read or delete arbitrary files.

2) An unspecified error in the data management protocol can be
exploited to cause a buffer overflow.

Successful exploitation of this vulnerability may allow execution of
arbitrary code, but requires that the attacker is authenticated as a
privileged user (the required privileges can also be gained by
exploiting vulnerability #1).

The vulnerabilities are reported in the following versions:
* Backup Exec for Windows Servers version 12.5 build 2213
* Backup Exec for Windows Servers version 12.0 build 1364
* Backup Exec for Windows Servers version 11d build 7170
* Backup Exec for Windows Servers version 11d build 6235

SOLUTION:
Apply patches.

Backup Exec for Windows Servers version 12.5 build 2213:
http://support.veritas.com/docs/314380

Backup Exec for Windows Servers version 12.0 build 1364:
http://support.veritas.com/docs/314497

Backup Exec for Windows Servers version 11d build 7170:
http://support.veritas.com/docs/314512

Backup Exec for Windows Servers version 11d build 6235:
http://support.veritas.com/docs/314515

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Renaud Deraison and Nicolas Pouvesle of Tenable
Network Security.

ORIGINAL ADVISORY:
Symantec (SYM08-021):
http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html