Symantec Security Advisory SYM07-015 - Backup Exec 10.x and 11d for Windows Servers
Article: TECH52470 | Created: 2007-01-29 | Updated: 2008-01-22 | Article URL: http://www.symantec.com/docs/TECH52470
Problem
Symantec Security Advisory SYM07-015 - Backup Exec 10.x and 11d for Windows Servers
Solution
Symantec Security Advisory
SYM07-015
11 July, 2007
Symantec Backup Exec for Windows Server: RPC Interface Heap Overflow, Denial of Service
Revision History
None
Severity
High
| Remote Access | Yes |
| Local Access | No |
| Authentication Required | No |
| Exploit publicly available | No |
Overview
Symantec Backup Exec for Windows Servers is vulnerable to a denial of service attack (DoS) from specifically formatted calls to a registered RPC interface.
Affected Products
| Product | Version | Build |
| Backup Exec for Windows Servers | 10.0 | 10.0.5484 |
| Backup Exec for Windows Servers | 10.0 | 10.0.5520 |
| Backup Exec for Windows Servers | 10.1 | 10.1.5629 |
| Backup Exec for Windows Servers | 11.0 | 11.0.6235 |
| Backup Exec for Windows Servers | 11.0 | 11.0.7170 |
- Only the products and versions listed above are affected by these issues.
- This issue impacts the Backup Exec media server only.
- Client-side remote agents are not affected by this issue.
- Product versions prior to those listed above are no longer supported. Customers running legacy product versions should upgrade and then apply available updates.
Details:
iDefense notified Symantec of a DoS vulnerability that they identified in one of the RPC interfaces in Symantec Backup Exec for Windows Servers. The DoS results from improper validation, and subsequent mishandling, of caller-supplied input to that interface. Successful exploitation requires access to the listening port, which in a normal installation means the attacker needs authorized but non-privileged access to the network on which the targeted application resides. A successful attack would normally terminate the targeted service; however, because the underlying fault is a heap overflow, specially crafted requests could potentially lead to arbitrary code execution and elevated access on the targeted system.
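The advisory does not publish the affected interface or its wire format, so the following is an added illustration of the bug class it names (a heap overflow in an RPC request handler that trusts a caller-supplied length), not Backup Exec's code. The message layout (a 4-byte little-endian length followed by a name), the `MAX_NAME` buffer size and the sample messages are all constructed for the example. The vulnerable handler is shown as it would be written; the demo only ever feeds it a well-formed message, because calling it on the oversized one is undefined behaviour (the crash, or worse, that the advisory describes). The hardened handler checks the declared length against both the bytes actually received and the server's own buffer before copying.

```c
/* Added example: heap overflow from an unvalidated caller-supplied length
 * in an RPC-style request handler, beside its hardened form. Hypothetical
 * message format, not Backup Exec's real RPC interface. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME 64   /* hypothetical fixed size of the server-side buffer */

/* Hypothetical request layout: uint32 LE name_len, then name_len bytes. */
static uint32_t read_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable form: the declared length drives the copy. A caller that declares
 * a length larger than MAX_NAME overwrites the heap past the allocation; a
 * length larger than the bytes received also reads past the request buffer.
 * Whether that only crashes the service (DoS) or can be steered into code
 * execution depends on the allocator and on what sits after the buffer. */
int handle_request_vulnerable(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 4) return -1;
    uint32_t name_len = read_u32le(msg);
    char *name = malloc(MAX_NAME + 1);
    if (!name) return -1;
    memcpy(name, msg + 4, name_len);   /* no bound check on name_len */
    name[name_len] = '\0';
    free(name);
    return 0;
}

/* Hardened form: every caller-controlled value is validated against the bytes
 * actually received and against the server's own buffer size before use. */
int handle_request_hardened(const uint8_t *msg, size_t msg_len) {
    if (msg == NULL || msg_len < 4) return -1;   /* header incomplete */
    uint32_t name_len = read_u32le(msg);
    if (name_len > MAX_NAME) return -2;          /* exceeds our buffer */
    if (name_len > msg_len - 4) return -3;       /* claims bytes never sent */
    char *name = malloc(MAX_NAME + 1);
    if (!name) return -1;
    memcpy(name, msg + 4, name_len);
    name[name_len] = '\0';
    free(name);
    return 0;
}

/* Builds a constructed request whose header may lie about the payload size. */
size_t build_request(uint8_t *out, size_t out_cap, uint32_t declared_len,
                     const char *payload, size_t payload_len) {
    if (out_cap < 4 + payload_len) return 0;
    out[0] = (uint8_t)(declared_len & 0xff);
    out[1] = (uint8_t)((declared_len >> 8) & 0xff);
    out[2] = (uint8_t)((declared_len >> 16) & 0xff);
    out[3] = (uint8_t)((declared_len >> 24) & 0xff);
    memcpy(out + 4, payload, payload_len);
    return 4 + payload_len;
}

/* Well-formed request: declared length matches the 5 payload bytes. */
int demo_benign(int use_hardened) {
    uint8_t buf[80];
    size_t n = build_request(buf, sizeof buf, 5, "hello", 5);
    return use_hardened ? handle_request_hardened(buf, n)
                        : handle_request_vulnerable(buf, n);
}

/* Header declares a length far beyond MAX_NAME: the heap-overflow case. */
int demo_oversized(void) {
    uint8_t buf[80];
    size_t n = build_request(buf, sizeof buf, 0x10000u, "hello", 5);
    return handle_request_hardened(buf, n);
}

/* Header declares 20 bytes (fits the buffer) but only 5 were received. */
int demo_short_payload(void) {
    uint8_t buf[80];
    size_t n = build_request(buf, sizeof buf, 20, "hello", 5);
    return handle_request_hardened(buf, n);
}

int main(void) {
    printf("benign (vulnerable handler): %d\n", demo_benign(0));
    printf("benign (hardened handler):   %d\n", demo_benign(1));
    printf("oversized length:            %d\n", demo_oversized());
    printf("truncated payload:           %d\n", demo_short_payload());
    return 0;
}
```

The two handlers differ only in the two checks before `memcpy`; that is the whole fix for this bug class, and it is why the advisory can describe a heap overflow whose usual visible effect is just service termination.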
Symantec Response:
Symantec engineers did an in-depth review of the reported issue and related file functionality. Symantec addressed this issue in all currently supported versions of the identified products and further enhanced the overall security of Symantec Backup Exec for Windows Servers. Security updates are available for all supported versions of Backup Exec.
Symantec strongly recommends that all customers apply the latest security update as indicated for their supported product versions to protect against threats of this nature.
Symantec knows of no exploitation of or adverse customer impact from these issues.
The hotfixes for the affected products are listed in the following supporting article:
http://seer.entsupport.symantec.com/docs/289283.htm
Best Practices:
As part of normal best practices, Symantec recommends:
• Restrict access to administration or management systems to authorized privileged users
• Block remote access to all ports not essential for efficient operation
• Restrict remote access, if required, to trusted/authorized systems only
• Remove/disable unnecessary accounts or restrict access according to security policy as required
• Run under the principle of least privilege where possible
• Keep all operating systems and applications updated with the latest vendor patches
• Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection against both inbound and outbound threats
• Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of the latest vulnerabilities
Credit:
Symantec would like to thank iDefense, who reported the vulnerability identified by an anonymous finder, and coordinated closely with Symantec to resolve the issue.
References:
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CVE-2007-3509 to this issue. This issue is a candidate for inclusion in the CVE list http://cve.mitre.org , which standardizes names for security problems.
SecurityFocus http://www.securityfocus.com has assigned Bugtraq ID BID 23897 to this issue for inclusion in the SecurityFocus vulnerability database.
Legacy ID
289731