Symantec Security Advisory SYM06-014 - Backup Exec for Windows Servers
Details:
SYM06-014
31 July 2006
Backup Exec: RPC Interface Heap Overflow, Authorized User Potential Elevation of Privilege
Revision History: None
Severity: Medium
| Property | Yes/No |
|---|---|
| Remote Access | Yes |
| Local Access | No |
| Authentication Required | Yes |
| Exploit publicly available | No |
Overview
Backup Exec for Windows Servers, Continuous Protection Server Remote Agent, and other Backup Exec Remote Agents are vulnerable to heap overflows from specifically formatted calls to RPC interfaces.
Supported Products
Affected:
| Product | Version | Build | Solution(s) |
|---|---|---|---|
| Backup Exec for Windows Server and Remote Agent | 9.1 | 9.1.4691 | Hotfix Available |
| Backup Exec for Windows Server and Remote Agent | 10.0 | 10.0.5484 | Hotfix Available |
| Backup Exec for Windows Server and Remote Agent | 10.0 | 10.0.5520 | Hotfix Available |
| Backup Exec for Windows Server and Remote Agent | 10.1 | 10.1.5629 | Hotfix Available |
| Backup Exec Continuous Protection Server Remote Agent for Windows Server | 10.1 | 10.1.325.6301 | Hotfix Available |
| Backup Exec Continuous Protection Server Remote Agent for Windows Server | 10.1 | 10.1.326.1401 | Hotfix Available |
| Backup Exec Continuous Protection Server Remote Agent for Windows Server | 10.1 | 10.1.326.2501 | Hotfix Available |
| Backup Exec Continuous Protection Server Remote Agent for Windows Server | 10.1 | 10.1.326.3301 | Hotfix Available |
| Backup Exec Continuous Protection Server Remote Agent for Windows Server | 10.1 | 10.1.327.401 | Hotfix Available |
Note: Only the products and versions listed above are affected by these issues. Product versions prior to those listed above are not supported. Customers running legacy product versions should upgrade to a supported version of Backup Exec and apply all available updates.
Details
Tenable Network Security, http://www.tenablesecurity.com/ , notified Symantec of heap overflow issues they identified in the RPC interfaces of Backup Exec for Windows Servers and associated remote agents. The overflows occur due to improper validation and the subsequent handling of input.
Successful exploitation would require the attacker to have authorized but non-privileged access to the network on which the target system resides. A malicious user who attempted such an attack may cause the targeted application to crash, or more rarely could execute arbitrary code to gain elevated privilege on the targeted system.
Symantec Response
Symantec engineers did in-depth reviews of the reported issue and related file functionality to further enhance the overall security of Symantec Backup Exec products and to eliminate any additional concerns. Symantec engineers have at this time addressed the issue in all currently supported versions of the identified products.
Security updates are now available for all supported products. Symantec strongly recommends all customers apply the latest security update as indicated for their supported product versions to protect against threats of this nature.
Symantec knows of no exploitation or adverse customer impact from these issues.
Hotfixes for the affected products are available from the following locations:
- Backup Exec 10d (10.1) for Windows Servers rev. 5629, Hotfix 34
- Backup Exec 10.0 for Windows Servers rev. 5520, Hotfix 32
- Backup Exec 10.0 for Windows Servers rev. 5484, Hotfix 36
- Backup Exec 9.1 for Windows Servers rev. 4691, Hotfix 58
- Backup Exec Continuous Protection Server 10d (10.1) all builds, Hotfix 5
Note: The Backup Exec for NetWare Servers Remote Agent for Windows Servers is also vulnerable to heap overflows from specifically formatted calls to RPC interfaces. For full details and a complete list of affected Backup Exec for NetWare Servers products and patches developed to address these issues in those products, please see the following associated Backup Exec for NetWare Servers Security Advisory:
Best Practices
As part of normal best practices, Symantec recommends:
- Restrict access to administration or management systems to privileged users.
- Restrict remote access, if required, to trusted/authorized systems only.
- Remove/disable unnecessary accounts or restrict access according to security policy as required.
- Run under the principle of least privilege where possible.
- Keep all operating systems and applications updated with the latest vendor patches.
- Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
- Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to the exploitation of the latest vulnerabilities.
CVE
A CVE Candidate name has been requested from the Common Vulnerabilities and Exposures (CVE) initiative for this issue. This advisory will be revised accordingly upon receipt of the CVE Candidate name.
This issue is a candidate for inclusion in the CVE list, http://cve.mitre.org , which standardizes names for security problems.
Credit
Symantec thanks Nicolas Pouvesle from Tenable Network Security for reporting this finding to us and for excellent coordination while resolving the issue.
Products Applied:
Backup Exec for Windows Servers 10.0 5484, 10.0 5520, 10d (10.1) 5629, 9.1 4691
Backup Exec for Windows Servers Continuous Protection Server 10d (10.1) 6301
Languages:
English (US), French, German, Spanish, Italian, Japanese, Chinese, Korean
Operating Systems:
- Windows 2000: Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, Server, Server Windows Powered
- Windows NT: 4.0 Server SP6a, 4.0 Workstation SP6a
- Windows NT Small Business Server: 2000, 4.0, 4.5
- Windows XP: Pro 5.1
- Windows Server 2003: DataCenter, Enterprise Server, R2, Standard Server, Storage Server, Web Server