virus logo Intrusion Prevention

Symantec.Veritas.Backup.Exec.RPC.Heap.Buffer.Overflow

description-logoDescription

This indicates an attack attempt against a vulnerability in Symantec Veritas Backup Exec for Windows Server.
The vulnerability is caused by a heap-based buffer overflow which can occur when the vulnerable software handles input sent to an RPC interface. By sending a crafted ncacn_ip_tcp request to TCP port 6106, remote attackers may be able to cause a denial of service or execute arbitrary code.

affected-products-logoAffected Products

Symantec Veritas Backup Exec for Windows Servers 11d
Symantec Veritas Backup Exec for Windows Servers 10d
Symantec Veritas Backup Exec for Windows Servers 10.0

Impact logoImpact

System compromise
Remote code execution

recomended-action-logoRecommended Actions

Apply the appropriate patch, available from the vendor's site.
Symantec Veritas Backup Exec for Windows Servers 11d
Symantec be6235RHF24_32bit_289292.exe
Backup Exec 11d for Windows Servers revision 6235 32bit Media Server
Symantec be6235RHF24_x64bit_289293.exe
Backup Exec 11d for Windows Servers revision 6235 x64bit Media Server
Symantec be7170RHF9_32bit_289294.exe
Backup Exec 11d for Windows Servers revision 7170 32bit Media Server
Symantec be7170RHF9_x64bit_289295.exe
Backup Exec 11d for Windows Servers revision 7170 x64bit Media Server
Symantec Veritas Backup Exec for Windows Servers 10d
Symantec be5629RHF49_289291.exe
Backup Exec 10d for Windows Servers revision 5629
Symantec Veritas Backup Exec for Windows Servers 10.0
Symantec BE5484RHF40_289289.exe
Backup Exec 10.0 for Windows Servers revision 5484
http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&f ile=BE5484RHF40_289289.exe&source=1&url=/pub/support/products/Backup_E xec_for_WindowsNT/&id=289289
Symantec BE5520RHF37_289290.exe
Backup Exec 10.0 for Windows Servers revision 5520
http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&f ile=BE5520RHF37_289290.exe&source=1&url=/pub/support/products/Backup_E xec_for_WindowsNT/&id=289290

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-01-11 16.995
ID 14791
Created Jul 17, 2007
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2007-3509
Exploit Prediction Score 9.56%
Default Action pass
Active
Affected OS Windows
Affected App Other