iDefense Security Advisory 07.11.07 - Remote exploitation of a heap overflow vulnerability in Symantec Backup Exec could allow an unauthenticated attacker to create a denial of service condition or potentially execute arbitrary code. The flaw exists within the RPC server that listens on TCP port 6106. When handling requests using the "ncacn_ip_tcp" protocol, the service copies a user-supplied amount of data into a fixed-size heap buffer. iDefense confirmed the existence of this vulnerability in Symantec Backup Exec 10d with all current hot-fixes and service packs applied. Other versions are suspected to be vulnerable.
e8ff8869659ba283cedb2a4d3ab66109cdb86a20fdb6d95f188dae92cfee6e5d
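The bug class described above, a copy whose size is taken from the request into a fixed-size heap buffer, is shown here next to a bounds-checked handler. This is an added example, not Symantec's code: the 4-byte length prefix, the 256-byte buffer size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REQ_BUF_SIZE 256u /* assumed size of the fixed heap buffer */

/* Hypothetical request layout: 4-byte little-endian length, then payload. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern: the copy size comes straight from the request. */
uint8_t *copy_request_unchecked(const uint8_t *msg) {
    uint8_t *buf = malloc(REQ_BUF_SIZE);
    if (!buf) return NULL;
    memcpy(buf, msg + 4, read_le32(msg)); /* overflows if length > REQ_BUF_SIZE */
    return buf;
}

/* Hardened: reject unless the declared length fits the buffer and the input. */
uint8_t *copy_request_checked(const uint8_t *msg, size_t msg_len, size_t *out_len) {
    if (!msg || !out_len || msg_len < 4) return NULL;
    uint32_t declared = read_le32(msg);
    if (declared > REQ_BUF_SIZE) return NULL; /* would overflow the heap buffer */
    if (declared > msg_len - 4) return NULL;  /* would read past received bytes */
    uint8_t *buf = malloc(REQ_BUF_SIZE);
    if (!buf) return NULL;
    memcpy(buf, msg + 4, declared);
    *out_len = declared;
    return buf;
}

/* Builds a constructed request and reports whether the checked handler takes it. */
int demo_accepts(uint32_t declared, size_t payload_len) {
    size_t msg_len = 4 + payload_len, n = 0;
    uint8_t *msg = calloc(1, msg_len);
    if (!msg) return -1;
    for (int i = 0; i < 4; i++) msg[i] = (uint8_t)(declared >> (8 * i));
    uint8_t *buf = copy_request_checked(msg, msg_len, &n);
    int ok = (buf != NULL && n == declared);
    free(buf);
    free(msg);
    return ok;
}

int main(void) {
    printf("in-bounds: %d, oversized: %d\n", demo_accepts(16, 16), demo_accepts(4096, 16));
    return 0;
}
```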