===================================================================== CERT-Renater Note d'Information No. 2006/VULN097 _____________________________________________________________________ DATE : 22/03/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Veritas Backup Exec for Windows Servers. ====================================================================== Symantec Security Advisory SYM06-005 17 March 2006 Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow Revision History None Severity Low (network/system authorization and specific configuration required) Remote Access Yes Local Access No Authentication Required Yes Exploit publicly available No Overview Backup Exec for Windows Servers Media Server is susceptible to a format string vulnerability in the job log in BENGINE.exe when job logging is configured with full details enabled. (Not the default configuration) An authorized user on the network with a system configured for backup could potentially host a specifically-formatted file on their system. If the file name is properly mal-formatted AND the backup is being run with job logs enabled in Full Details mode, the malicious user could cause a denial of service on the Media Server or may potentially be able to run arbitrary code on the system hosting the Media Server. Full Advisory available @ http://www.symantec.com/avcenter/security/Content/2006.03.17b.html ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================