|
Family: Windows --> Category: infos
Symantec Backup Exec Multiple Heap Overflow Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for version of Symantec Backup Exec
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host has an application that is susceptible to
multiple heap overflow attacks.
Description :
The Windows remote host contains Backup Exec for Windows Server /
Backup Exec Continuous Protection Server, a commercial backup product.
The version of the software installed on the remote host reportedly
contains several heap overflows involving specially-crafted calls to
its RPC interfaces. Exploitation of these issues may allow a remote
attacker with authorized but non-privileged access to crash the
affected application and possibly to execute arbitrary code and gain
elevated rights on the affected host.
See also :
http://www.symantec.com/avcenter/security/Content/2006.08.11.html
Solution :
Apply the appropriate hotfix as listed in the vendor advisory
referenced above.
Threat Level:
Medium / CVSS Base Score : 4.2
(AV:R/AC:L/Au:R/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|