[security-alerts] FW: [SA21472] Backup Exec Remote Agent RPC Interface Buffer Overflows

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> Backup Exec Remote Agent RPC Interface Buffer Overflows
> 
> SECUNIA ADVISORY ID:
> SA21472
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21472/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access, DoS
> 
> WHERE:
> From local network
> 
> SOFTWARE:
> VERITAS Backup Exec 9.x
> http://secunia.com/product/460/
> VERITAS Backup Exec Remote Agent 9.x for Windows Servers
> http://secunia.com/product/7808/
> 
> DESCRIPTION:
> A vulnerability has been reported in Backup Exec, which can be
> exploited by malicious people to cause a DoS (Denial of Service) or
> compromise a vulnerable system.
> 
> The vulnerability is caused due to some boundary errors in the RPC
> interfaces of the Backup Exec Remote Agent and can be exploited to
> cause heap-based buffer overflows.
> 
> Successful exploitation crashes the service and may allow execution
> of arbitrary code.
> 
> The vulnerability has been reported in the following versions:
> * Backup Exec 9.1 for Netware Servers Remote Agent for Windows
> Servers (all builds)
> * Backup Exec 9.2 for NetWare Servers Remote Agent for Windows
> Servers (all builds)
> 
> SOLUTION:
> Update to a fixed version.
> 
> Backup Exec 9.1.1158.9 for NetWare Servers with RAWS 4691.42 Hotfix
> 58 (English, French, German):
> http://support.veritas.com/docs/284643
> 
> Backup Exec 9.2.1401.3 for NetWare Servers with RAWS 5629.3 Hotfix 34
> (English, French, German):
> http://support.veritas.com/docs/284642
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Tenable Network Security.
> 
> ORIGINAL ADVISORY:
> Symantec:
> http://seer.entsupport.symantec.com/docs/284623.htm
> 
>