Privilege Elevation in Backup Exec
Symantec has published a security advisory regarding Backup Exec software. Registered users of the system can elevate their privileges by sending manipulated packets to the local RPC servers, which fail to inspect the packets properly. This makes it possible to trigger a buffer overflow and execute injected code with Backup Exec's rights.
The advisory pertains to Backup Exec for Windows Server and Remote Agent 9.1, 10.0, 10.1, Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1, and Backup Exec for NetWare Server Remote Agent for Windows Server 9.1 as well as 9.2. The Symantec advisory links to hotfixes for the corresponding versions. Administrators should install them as quickly as possible.
- Backup Exec for Windows Server: RPC Interface Heap Overflow, Authorized User Potential Elevation of Privilege, Advisory from Symantec
(ehe)