Software Engineering Institute

Symantec Backup Exec for Windows Servers is a client/server based backup software solution. A heap buffer overflow vulnerability exists in the way one of the Remote Procedure Call (RPC) interfaces provided by this software handles requests using the ncacn_ip_tcp protocol. A remote attacker with the ability to connect to the affected service and supply a specially crafted packet could exploit this vulnerability.

A remote unauthenticated attacker may be able to cause the affected service to crash, resulting in a denial of service. Symantec reports that the attacker may also potentially be able to execute arbitrary code on the affected system.

Apply an update from the vendor

Symantec has published Symantec Security Advisory SYM07-015 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Workarounds

You may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by the affected component (6106/tcp). This will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.