Symantec Security Advisory SYM06-014 - Backup Exec for NetWare Servers Remote Agent for Windows Servers
Details:
SYM06-014
31 July 2006
Backup Exec: RPC Interface Heap Overflow, Authorized User Potential Elevation of Privilege
Revision History: None
Severity: Medium
Supported Products Affected:
Backup Exec 9.1 for NetWare Servers Remote Agent for Windows Servers (all builds)
Backup Exec 9.2 for NetWare Servers Remote Agent for Windows Servers (all builds)
Details
Tenable Network Security (http://www.tenablesecurity.com) notified Symantec of heap overflow issues they identified in the RPC interfaces of the Backup Exec Remote Agent for Windows Servers, the agent that Backup Exec for NetWare Servers uses to protect remote Windows systems. The overflows are caused by insufficient validation of the input received on those interfaces and by how that input is subsequently handled. Successful exploitation would require the attacker to have authorized but non-privileged access to the network on which the target system resides. A malicious user who attempted such an attack could cause the targeted application to crash or, more rarely, could execute arbitrary code to gain elevated privilege on the targeted system.
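The advisory does not describe the agent's RPC message format or the affected code, so the following is an added illustration of the bug class it names (a length taken from the peer and trusted before a copy into a fixed-size heap allocation), not Symantec's code or Backup Exec's wire format. The 4-byte length header, the 16-byte NAME_BUF destination, the handler and helper names, and the sample requests are all constructed assumptions for this example. The vulnerable handler is shown next to a hardened one that checks the declared length against both the bytes actually received and the destination's capacity:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed request layout (an assumption for illustration, NOT the
 * Backup Exec Remote Agent's real RPC encoding):
 *   bytes 0..3  name_len, little-endian uint32, chosen by the remote peer
 *   bytes 4..   name_len bytes of name data
 * Both handlers copy the name into a heap allocation of NAME_BUF bytes. */
#define NAME_BUF 16u

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable handler (hypothetical): confirms only that the header arrived,
 * then trusts name_len. name_len > NAME_BUF makes memcpy write past the
 * 16-byte chunk (heap overflow); name_len > req_len - 4 also reads past
 * the request. Returns a heap string, or NULL if the header is missing. */
char *handle_name_vulnerable(const uint8_t *req, size_t req_len)
{
    if (req_len < 4)
        return NULL;
    uint32_t name_len = rd_u32le(req);
    char *name = malloc(NAME_BUF);
    if (name == NULL)
        return NULL;
    memcpy(name, req + 4, name_len);  /* length never compared to NAME_BUF */
    name[name_len] = '\0';            /* terminator is unbounded as well */
    return name;
}

/* Hardened handler: every peer-controlled length is checked against both
 * the bytes actually received and the destination's capacity before any
 * memory is touched. Returns a heap string, or NULL with *err set. */
char *handle_name_hardened(const uint8_t *req, size_t req_len, const char **err)
{
    *err = NULL;
    if (req_len < 4) {
        *err = "request shorter than header";
        return NULL;
    }
    uint32_t name_len = rd_u32le(req);
    if (name_len > req_len - 4) {      /* header lies about payload size */
        *err = "declared length exceeds bytes received";
        return NULL;
    }
    if (name_len >= NAME_BUF) {        /* keep room for the terminator */
        *err = "name longer than destination buffer";
        return NULL;
    }
    char *name = malloc(NAME_BUF);
    if (name == NULL) {
        *err = "out of memory";
        return NULL;
    }
    memcpy(name, req + 4, name_len);
    name[name_len] = '\0';
    return name;
}

/* Builds a request with an arbitrary declared length (constructed test
 * input). Returns the request size, or 0 if it does not fit in out. */
size_t build_request(uint8_t *out, size_t out_cap, uint32_t declared_len,
                     const uint8_t *payload, size_t payload_len)
{
    if (out_cap < 4 + payload_len)
        return 0;
    out[0] = (uint8_t)(declared_len & 0xff);
    out[1] = (uint8_t)((declared_len >> 8) & 0xff);
    out[2] = (uint8_t)((declared_len >> 16) & 0xff);
    out[3] = (uint8_t)((declared_len >> 24) & 0xff);
    memcpy(out + 4, payload, payload_len);
    return 4 + payload_len;
}

int main(void)
{
    uint8_t req[128], big[64];
    const char *err;
    size_t n;

    n = build_request(req, sizeof req, 5, (const uint8_t *)"agent", 5);
    char *ok = handle_name_hardened(req, n, &err);
    printf("well-formed   -> %s\n", ok ? ok : err);
    free(ok);

    /* 64-byte name: the vulnerable handler would memcpy 64 bytes into a
     * 16-byte chunk (not run here: undefined behaviour); hardened rejects. */
    memset(big, 'A', sizeof big);
    n = build_request(req, sizeof req, 64, big, sizeof big);
    printf("oversized     -> %s\n", handle_name_hardened(req, n, &err) ? "ok" : err);

    /* Header declares 1000 bytes but only 5 follow. */
    n = build_request(req, sizeof req, 1000, (const uint8_t *)"agent", 5);
    printf("lying header  -> %s\n", handle_name_hardened(req, n, &err) ? "ok" : err);
    return 0;
}
```

The two checks in the hardened handler are independent and both are needed: bounding the length by the bytes received stops an out-of-bounds read from a header that lies about its payload, and bounding it by NAME_BUF stops the heap write that the advisory's crash and code-execution outcomes describe. Checking `name_len > req_len - 4` only after `req_len < 4` has been rejected avoids the size_t underflow that would otherwise make the comparison pass.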
Backup Exec for NetWare Servers Remote Agent for Windows Servers should be reinstalled from the download files listed below:
- Backup Exec 9.1.1158.9 for NetWare Servers with RAWS 4691.42 Hotfix 58 (English, French, German)
- Backup Exec 9.2.1401.3 for NetWare Servers with RAWS 5629.3 Hotfix 34 (English, French, German)
Note:
Backup Exec for Windows Servers, Backup Exec Continuous Protection Server (CPS) Remote Agent, and other Backup Exec Remote Agents are also vulnerable to heap overflows from specifically formatted calls to RPC interfaces. For full details and a complete list of affected Backup Exec for Windows Servers products and the patches developed to address these issues in those products, please see the following associated Backup Exec for Windows Servers Security Advisory:
Symantec Response
Symantec engineers did in-depth reviews of the reported issue and related file functionality to further enhance the overall security of Symantec Backup Exec products and to eliminate any additional concerns. Symantec engineers have at this time addressed the issue in all currently supported versions of the identified products.
Security updates are now available for all supported products. Symantec strongly recommends that all customers apply the latest security update as indicated for their supported product versions to protect against threats of this nature.
Symantec knows of no exploitation of, or adverse customer impact from, these issues.
Best Practices
As part of normal best practices, Symantec recommends:
- Restrict access to administration or management systems to privileged users.
- Restrict remote access, if required, to trusted/authorized systems only.
- Remove/disable unnecessary accounts or restrict access according to security policy as required.
- Run under the principle of least privilege where possible.
- Keep all operating systems and applications updated with the latest vendor patches.
- Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection against both inbound and outbound threats.
- Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to the exploitation of the latest vulnerabilities.
Products Applied: Backup Exec for NetWare 9.1, 9.2
Subjects: Backup Exec for NetWare
Application: Agent Support
Publishing Status: Techalert
Languages: English (US), French, German
Operating Systems: NetWare 5.1, 6.0, 6.5, 6.5 OES