PT-2006-4969 · Symantec · Symantec Veritas Backup Exec

Nicolas Pouvesle · Published 2006-08-14 · Updated 2018-10-17 · CVE-2006-4128

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server versions 9.1 through 9.2
Symantec Backup Exec Continuous Protection Server Remote Agent for Windows Server version 10.1
Symantec Backup Exec for Windows Server and Remote Agent versions 9.1 through 10.1

Description

Multiple heap-based buffer overflows can be triggered by remote attackers sending a crafted RPC message. This can cause a denial of service through an application crash and can potentially allow the execution of arbitrary code.

Recommendations

For Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server versions 9.1 through 9.2, update to a version that is not affected by this issue.
For Symantec Backup Exec Continuous Protection Server Remote Agent for Windows Server version 10.1, update to a version that is not affected by this issue.
For Symantec Backup Exec for Windows Server and Remote Agent versions 9.1 through 10.1, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the RPC service to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2006-4128

Affected Products

Backup Exec
Symantec Backup Exec Continuous Protection Server
Symantec Veritas Backup Exec
Windows Server