In association with heise online

15 August 2006, 11:12

Privilege Elevation in Backup Exec

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has published a security advisory regarding Backup Exec software. Registered users to the system can elevate their privileges by sending manipulated packets to the local RPC servers, which then fails properly to inspect the packets. This in turn makes it possible to trigger a buffer overflow and to execute planted code with Backup Exec's rights.

The advisory pertains to Backup Exec for Windows Server and Remote Agent 9.1, 10.0, 10.1, Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1, and, Backup Exec for Netware Server Remote Agent for Windows Server 9.1 as well as 9.2. The Symantec advisory links to hotfixes for the corresponding versions. Administrators should install them as quickly as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit