J-Security Center

Title: Symantec Backup Exec Job Engine Multiple Integer Overflow Vulnerabilities

Severity: MODERATE

Description:

Symantec Backup Exec is an application for protecting, managing, and recovering sensitive data.

Backup Exec is prone to two remote integer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

These issues occur when the application's 'bengine.exe' Job Engine service handles specially crafted packets. By default, this service listens on TCP port 5633.

An attacker can exploit these issues to cause an infinite loop that will exhaust memory or consume excessive CPU resources. Successful attacks will cause denial-of-service conditions.

Symantec Backup Exec for Windows Server 11.0.6235 and 11.0.7170 are vulnerable.

Affected Products:

  • Symantec Veritas Backup Exec for Windows Servers 11.0.6135
  • Symantec Veritas Backup Exec for Windows Servers 11.0.7170
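
To check whether a host exposes the Job Engine service described above, the following added example (not part of the original advisory) parses `netstat -ano -p tcp` and `tasklist /fo csv /nh` output and reports each listener on TCP port 5633, whether it belongs to bengine.exe, and whether it is bound to a non-loopback address. The sample inputs are constructed and the function names are illustrative.

```python
import csv
import io
import ipaddress

JOB_ENGINE_PORT = 5633            # default port named in the advisory
JOB_ENGINE_IMAGE = "bengine.exe"  # service binary named in the advisory

# Constructed sample of `netstat -ano -p tcp` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5633           0.0.0.0:0              LISTENING       2140
  TCP    127.0.0.1:5633         0.0.0.0:0              LISTENING       3316
  TCP    10.1.2.15:5633         10.1.2.77:49211        ESTABLISHED     2140
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","912","Services","0","9,812 K"
"bengine.exe","2140","Services","0","45,120 K"
"other.exe","3316","Console","1","3,004 K"
'''

def pid_to_image(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {r[1]: r[0].lower() for r in rows if len(r) >= 2}

def job_engine_listeners(netstat_text, tasklist_csv):
    """Return one finding per socket listening on the Job Engine port."""
    images = pid_to_image(tasklist_csv)
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue
        host, _, port = f[1].rpartition(":")
        if int(port) != JOB_ENGINE_PORT:
            continue
        # netstat prints IPv6 as [addr%scope]:port; strip brackets and scope.
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        findings.append({
            "address": str(addr), "pid": f[4],
            "image": images.get(f[4], "unknown"),
            "is_job_engine": images.get(f[4]) == JOB_ENGINE_IMAGE,
            "remote_reachable": not addr.is_loopback,
        })
    return findings
```

A finding with both `is_job_engine` and `remote_reachable` set marks a Job Engine listener that other hosts can reach, which is the candidate for firewall restriction or patching.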
