• IDP Daily Update #1343
  posted: 01/06/09
  
• NSM Daily Update #1343
  posted: 01/06/09
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1343
  posted: 01/06/09
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1274
  posted: 01/06/09
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 01/05/09

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Symantec Backup Exec Data Management Protocol Buffer Overflow Vulnerability

Severity: HIGH

Description:

Symantec Backup Exec is a network-enabled backup solution for Novell NetWare and Microsoft Windows platforms.

The application is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue is present in the data management protocol. To exploit this issue, attackers must first be authenticated to the application.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.

Affected Products:

• Symantec Backup Exec for Windows Server 12.0
• Symantec Backup Exec for Windows Server 12.5
• Symantec Backup Exec for Windows Servers 11d

References:

• Symantec: Symantec Backup Exec Homepage
• Symantec: Symantec Security Advisory SYM08-021 - Backup Exec 11d, 12.0 and 12.5 for Window