ID CVE-2006-4128
Summary Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec_veritas:backup_exec:9.1:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:9.1:*:windows_server_remote_agent:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:9.1_build9.1.4691:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:9.1_build9.1.4691:*:windows_server_remote_agent:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:9.2:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:9.2:*:windows_server_remote_agent:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.0:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.0:*:windows_server_remote_agent:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.0_build10.0.5484:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.0_build10.0.5484:*:windows_server_remote_agent:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.0_build10.0.5520:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.0_build10.0.5520:*:windows_server_remote_agent:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.1:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.1:*:windows_server_remote_agent:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.1.325.6301:*:*:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.1.325.6301:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.1401:*:*:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.1401:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.2501:*:*:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.2501:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.3301:*:*:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.3301:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.1.327.401:*:*:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.1.327.401:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec_veritas:backup_exec:10.1_build10.1.5629:*:windows_server_remote_agent:*:*:*:*:*
    cpe:2.3:a:symantec_veritas:backup_exec:10.1_build10.1.5629:*:windows_server_remote_agent:*:*:*:*:*
CVSS
Base: 6.5 (as of 17-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 19479
bugtraq 20060811 (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow
cert-vn VU#647796
confirm
sectrack 1016683
secunia 21472
sreason 1380
vupen ADV-2006-3266
xf backupexec-rpc-interface-bo(28336)
Last major update 17-10-2018 - 21:33
Published 14-08-2006 - 23:04
Last modified 17-10-2018 - 21:33
Back to Top