Symantec VERITAS Backup Exec application memory error denial of service

backupexec-app-memory-dos (25309) The risk level is classified as Medium Risk

Description:

VERITAS Backup Exec is vulnerable to a denial of service attack caused by unspecified application memory errors. A remote attacker could exploit this vulnerability to consume all available memory resources or cause the process to crash.


Consequences:

Denial of Service

Remedy:

Refer to Symantec Security Advisory SYM06-004 for upgrade information. See References.

References:

  • Symantec Security Advisory SYM06-004 : Veritas Backup Exec: Application Memory Denial of Service.
  • Veritas Support Document 282255: Symantec Security Advisory SYM06-004 - Backup Exec Remote Agents (RAWS, RANW, & RALUS).
  • BID-17098: Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities
  • CVE-2006-1297: Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allows attackers to cause a denial of service (application crash or unavailability) due to memory errors.
  • SA19242: VERITAS Backup Exec Denial of Service and Format String Vulnerabilities
  • SECTRACK ID: 1015784: Symantec Veritas Backup Exec Memory Errors Let Remote Users Deny Service
  • VUPEN/ADV-2006-0995: Veritas Backup Exec Multiple Unspecified Remote Denial of Service Vulnerabilities

Platforms Affected:

  • Microsoft Windows 2003 Server
  • Symantec VERITAS Backup Exec 9.1 NetWare
  • Symantec VERITAS Backup Exec 9.2 NetWare
  • Symantec VERITAS Backup Exec Remote Agent 10.0 UNIX Linux
  • Symantec VERITAS Backup Exec Remote Agent 10.0
  • Symantec VERITAS Backup Exec Remote Agent 10.1 UNIX Linux
  • Symantec VERITAS Backup Exec Remote Agent 10.1
  • Symantec VERITAS Backup Exec Remote Agent 9.1 NetWare
  • Symantec VERITAS Backup Exec Remote Agent 9.1
  • Symantec VERITAS Backup Exec Remote Agent 9.2 NetWare

Reported:

Mar 17, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
