PT-2006-2314 · Veritas · Veritas Backup Exec
Published: 2006-03-19 · Updated: 2018-10-18 · CVE-2006-1298
CVSS v2.0: 4.6 (Medium)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Veritas Backup Exec versions 9.1 through 10.1
Description
The issue is related to a format string vulnerability in the Job Engine service of the Media Server in Veritas Backup Exec. This vulnerability can be exploited by remote authenticated users when the job log mode is set to Full Detailed. By using a crafted filename on a machine backed up by Backup Exec, an attacker can cause a denial of service and possibly execute arbitrary code.
Recommendations
For Veritas Backup Exec version 9.1, update to a version that is not affected by this issue.
For Veritas Backup Exec version 10.0, update to a version that is not affected by this issue.
For Veritas Backup Exec version 10.1, update to a version that is not affected by this issue.
As a temporary workaround, consider setting the job log mode to a level other than Full Detailed to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Veritas Backup Exec