{"vuid":"VU#213697","idnumber":"213697","name":"Symantec Backup Exec contains heap overflow in RPC interface","keywords":["Symantec","Backup Exec","DoS","denial of service","crafted calls","RPC interface"],"overview":"Symantec Backup Exec for Windows Servers contains a vulnerability that may allow a remote attacker to cause a denial of service or potentially execute arbitrary code on an affected system.","clean_desc":"Symantec Backup Exec for Windows Servers is a client/server based backup software solution. A heap buffer overflow vulnerability exists in the way one of the Remote Procedure Call (RPC) interfaces provided by this software handles requests using the ncacn_ip_tcp protocol. A remote attacker with the ability to connect to the affected service and supply a specially crafted packet could exploit this vulnerability.","impact":"A remote unauthenticated attacker may be able to cause the affected service to crash, resulting in a denial of service. Symantec reports that the attacker may also potentially be able to execute arbitrary code on the affected system.","resolution":"Apply an update from the vendor\nSymantec has published Symantec Security Advisory SYM07-015 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.","workarounds":"Workarounds\nYou may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by the affected component (6106/tcp). This will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.","sysaffected":"","thanks":"iDefense reported this vulnerability in \niDefense PUBLIC ADVISORY: 07.11.07\n. They credit an anonymous researcher with reporting this vulnerability to them.","author":"This document was written by Chad R Dougherty based on information supplied by Symantec and iDefense.","public":["h","t","t","p",":","/","/","w","w","w",".","s","y","m","a","n","t","e","c",".","c","o","m","/","a","v","c","e","n","t","e","r","/","s","e","c","u","r","i","t","y","/","C","o","n","t","e","n","t","/","2","0","0","7",".","0","7",".","1","1","a",".","h","t","m","l"],"cveids":["CVE-2007-3509"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-07-11T17:35:24Z","publicdate":"2007-07-11T00:00:00Z","datefirstpublished":"2007-07-11T19:04:49Z","dateupdated":"2007-07-11T19:05:03Z","revision":6,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"8","cam_attackeraccessrequired":"14","cam_scorecurrent":"6.3","cam_scorecurrentwidelyknown":"7.56","cam_scorecurrentwidelyknownexploited":"12.6","ipprotocol":"tcp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.3,"vulnote":null}