PT-2008-6525 · Symantec · Symantec Backup Exec For Windows Servers
Published
2008-12-09
·
Updated
2017-08-08
·
CVE-2008-5408
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Symantec Backup Exec for Windows Servers version 11.0
Symantec Backup Exec for Windows Servers versions 12.0 through 12.5
Description
A buffer overflow issue exists in the data management protocol, allowing remote authenticated users to cause a denial of service and possibly execute arbitrary code via unknown vectors. This issue can also be exploited by unauthenticated remote attackers.
Recommendations
For Symantec Backup Exec for Windows Servers version 11.0, update to a version that is not affected by this issue.
For Symantec Backup Exec for Windows Servers versions 12.0 through 12.5, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the data management protocol to minimize the risk of exploitation.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Symantec Backup Exec For Windows Servers