Symantec VERITAS Backup Exec BENGINE format string
X-Force ID: backupexec-bengine-format-string (25310)
Description:
VERITAS Backup Exec is vulnerable to a format string attack when job logging is configured with the "full details" option enabled in BENGINE.exe. A remote authenticated attacker in control of a system that is scheduled to be backed up could exploit this vulnerability by hosting a file with a specially-crafted file name which would allow the attacker to execute arbitrary commands or cause the Media Server to crash, once the malicious file is backed up.
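The bug class behind this entry is a logger that lets data from the backed-up system (here, a file name) reach the formatter as the format string rather than as an argument. The following C is an added, constructed illustration of that class and its fix; it is not Backup Exec's code, and the function names, the log message wording and the sample file name are assumptions. The `%%` sequence is used because it is a legal directive with fully defined behaviour, which is enough to show that a name containing percent signs is rewritten by the vulnerable logger and passed through verbatim by the hardened one. The last function is the kind of pre-logging check a backup agent or log reviewer can apply to flag names that a legacy logger would misinterpret.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (constructed illustration of the bug class, not Backup Exec's code):
 * the message is built first, then the finished message is handed to snprintf as the
 * format string. Any '%' directive carried by the file name is now interpreted by the
 * formatter instead of being written out literally. */
int log_entry_vulnerable(char *out, size_t outsz, const char *filename)
{
    char line[512];
    snprintf(line, sizeof line, "Backed up file: %s", filename);
    return snprintf(out, outsz, line);   /* BUG: untrusted data is the format string */
}

/* Hardened pattern: the format string is a fixed literal and untrusted data is only ever
 * supplied as a %s argument, so directives inside the file name are just characters. */
int log_entry_safe(char *out, size_t outsz, const char *filename)
{
    return snprintf(out, outsz, "Backed up file: %s", filename);
}

/* Defensive check (assumed helper): flag names carrying '%' so they can be escaped or
 * alerted on before they reach logging code that cannot be patched yet. */
int filename_has_format_directive(const char *filename)
{
    return strchr(filename, '%') != NULL;
}

int main(void)
{
    /* Constructed sample name from a host being backed up. */
    const char *name = "quarterly%%.txt";
    char buf[256];

    log_entry_vulnerable(buf, sizeof buf, name);
    printf("vulnerable logger wrote: %s\n", buf);   /* ...quarterly%.txt  (directive consumed) */

    log_entry_safe(buf, sizeof buf, name);
    printf("hardened logger wrote:   %s\n", buf);   /* ...quarterly%%.txt (verbatim) */

    printf("pre-logging check flags the name: %d\n", filename_has_format_directive(name));
    return 0;
}
```

Compiling with `-Wformat-security` (or `-Werror=format-security` in CI) reports the `snprintf(out, outsz, line)` call in the vulnerable function, which is the cheapest way to find this pattern across a code base before an untrusted name ever reaches it.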
Consequences:
Gain Access
Remedy:
Refer to Symantec Security Advisory SYM06-005 for upgrade information. See References.
References:
- Symantec Security Advisory SYM06-005: Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow.
- Veritas Support Document 282254: Symantec Security Advisory SYM06-005 - Backup Exec for Windows Servers.
- BID-17096: Veritas Backup Exec Media Server BEngine Service Job Log Remote Format String Vulnerability
- CVE-2006-1298: Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec.
- SA19242: VERITAS Backup Exec Denial of Service and Format String Vulnerabilities
- SECTRACK ID: 1015785: Veritas Backup Exec for Windows Servers Media Server Format String Bug in BENGINE May Let Remote Users Execute Arbitrary Code
- VUPEN/ADV-2006-0996: Veritas Backup Exec BENGINE Service Job Logging Format String Vulnerability
Platforms Affected:
- Microsoft Windows 2003 Server
- Symantec VERITAS Backup Exec 10.0 Windows
- Symantec VERITAS Backup Exec 10.1 Windows
- Symantec VERITAS Backup Exec 10D Windows
- Symantec VERITAS Backup Exec 9.1 Windows
- Symantec VERITAS Backup Exec 9.1 rev 4691
- Symantec VERITAS Backup Exec 9.1 SP2 rev 4691
Reported:
Mar 17, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
