Symantec Security Advisory SYM06-005 Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow
3fc9efcaf1ab4361eced5ce676619447b9191aad96ae7b1e9960224f392b4759Symantec Security Advisory
SYM06-005
17 March 2006
Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job
log Format String Overflow
Revision History
None
Severity
Low (network/system authorization and specific configuration required)
Remote Access Yes
Local Access No
Authentication Required Yes
Exploit publicly available No
Overview
Backup Exec for Windows Servers Media Server is susceptible to a format string vulnerability in the job log in BENGINE.exe when job logging is
configured with full details enabled. (Not the default configuration)
An authorized user on the network with a system configured for backup could potentially host a specifically-formatted file on their system. If the file name is properly mal-formatted AND the backup is being run with job logs enabled in Full Details mode, the malicious user could cause a denial of service on the Media Server or may potentially be able to run arbitrary code on the system hosting the Media Server.
Full Advisory available @
http://www.symantec.com/avcenter/security/Content/2006.03.17b.html
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed