
Symantec Security Advisory, SYM06-005

Symantec Security Advisory
17 March 2006 

Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow

Revision History

Low (network/system authorization and specific configuration required)

Remote Access: Yes
Local Access: No
Authentication Required: Yes
Exploit publicly available: No

Backup Exec for Windows Servers Media Server is susceptible to a format string
vulnerability in the job log in BENGINE.exe when job logging is configured
with full details enabled, which is not the default configuration.
An authorized user on the network with a system configured for backup could
potentially host a specially formatted file on their system. If the file
name is suitably malformed AND the backup is being run with job logs
enabled in Full Details mode, the malicious user could cause a denial of
service on the Media Server or may potentially be able to run arbitrary code on
the system hosting the Media Server.
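
The class of bug described above, shown as an added C example that is not Symantec's code or part of the advisory: a job-log writer that passes an untrusted file name as data to a fixed format, plus an audit helper that flags names carrying printf conversions. The function names and the "Backed up file:" log text are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical job-log writer. The format attribute lets GCC/Clang
 * warn (-Wformat-security) when a caller passes a non-literal format. */
__attribute__((format(printf, 3, 4)))
static int joblog_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern (comment only, never compiled):
 *     joblog_write(out, n, file_name);    file name parsed as the format
 * Hardened form: the file name is an argument to a constant "%s" format. */
int log_backed_up_file(char *out, size_t n, const char *file_name)
{
    int r = joblog_write(out, n, "Backed up file: %s", file_name);
    return (r >= 0 && (size_t)r < n) ? 0 : -1;   /* -1: error or truncated */
}

/* Audit helper: returns 1 if an untrusted string contains a '%' that
 * printf would treat as a conversion (a literal "%%" is not flagged). */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char line[128];
    const char *name = "report_%s%x.doc";   /* constructed sample file name */
    if (log_backed_up_file(line, sizeof line, name) == 0)
        printf("%s (directive present: %d)\n", line, has_format_directive(name));
    return 0;
}
```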

Full Advisory available @