Symantec closes DoS holes in Backup Exec for Windows
Symantec has released security updates for its Backup Exec for Windows Servers to remedy three DoS vulnerabilities. According to the vendor's security advisory, manipulated packets in the server's Job Engine can be used to provoke two integer overflows which leads to memory exhaustion or high CPU utilization. As a result, the server no longer reacts normally. Furthermore, special packets can cause the same outcome by means of a null-pointer dereference. However, such attacks are generally only possible from the LAN. Backup Exec for Windows Servers 11d Build 11.0.6235 and 11.0.7170 are affected.
- Symantec Backup Exec for Windows Server: Multiple Denial of Service Issues in Job Engine, Symantec security advisory