X
Tech
Home Tech Security

Symantec plugs Backup Exec holes

Security and data storage powerhouse Symantec has issued hotfixes for a slew of denial-of-service vulnerabilities affecting its Symantec Backup Exec for Windows Servers (BEWS) product.
Written by Ryan Naraine, Contributor
Security and data storage powerhouse Symantec has issued hotfixes for a slew of denial-of-service vulnerabilities affecting its Symantec Backup Exec for Windows Servers (BEWS) product.

The company rates the issue as moderately critical  and warned that the issues can be exploit remotely if maliciously formatted packets are passed to the BEWS Job Engine.

A successful attack could result in termination of the targeted service and loss of scheduling services or potentially loss of access to the application until the service is restarted or the targeted activity ceases. 

Secunia Research is credited with finding and reporting the vulnerabilities:

A null-pointer dereference error in the Backup Exec Job Engine service (bengine.exe) when handling exceptions can be exploited to crash the service by sending a specially crafted packet to default port 5633/TCP.

Two integer overflow errors within the Backup Exec Job Engine service can be exploited to e.g. cause the service to enter an infinite loop and exhaust all available memory or consume large amounts of CPU resource by sending a specially crafted packet to default port 5633/TCP.

Confirmed vulnerable: Symantec Backup Exec for Windows Servers version 11d build 11.0.7170 and also affect version 11d build 11.0.6.6235.    Hotfixes are available.

Editorial standards
Show Comments

Related

logi-ai-prompt-builder-mx-setup

Logitech mouse and keyboard users are getting a free AI upgrade

Placeholder product image alt text

The best AI image generators to try right now

GOTRAX 4 electric scooter

The most charming projector I've tested has now replaced my TV for movie nights