Threat Level: green Handler on Duty: Tom Webb

SANS ISC: InfoSec Handlers Diary Blog - Symantec Backup Exec for Windows Server InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Symantec Backup Exec for Windows Server

Published: 2007-07-13
Last Updated: 2007-07-13 18:33:37 UTC
by Deborah Hale (Version: 1)
0 comment(s)

An advisory has been issued by Symantec for their Backup Exec product.  According to the advisory a vulnerability exists that may result in an  RPC Interface Heap Overflow, Denial of Service on versions 10.x and 11.0 for Windows Servers. 

seer.entsupport.symantec.com/docs/289731.htm

The advisory indicates that hotfixes are available at:  seer.entsupport.symantec.com/docs/289283.htm

Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CVE-2007-3509 to this issue. This issue is a candidate for inclusion in the CVE list  cve.mitre.org , which standardizes names for security problems.

In order to fully execute this vulnerability the user must have administrative privileges.  Again another good reason to restrict user access whenever possible.

 

There is also an advisory from Secunia containing information about 2 vulnerabilities that exist in various Symantec products including  Internet Security and Brightmail.  Again to fully execute the user must have administrative privileges.

secunia.com/advisories/26053/

 

 

 

Keywords:
0 comment(s)
Diary Archives