Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-4128

Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.

Published

2006-08-14T23:04:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	symantec_veritas	backup_exec	9.1	Yes
Application	symantec_veritas	backup_exec	9.1_build9.1.4691	Yes
Application	symantec_veritas	backup_exec	9.2	Yes
Application	symantec_veritas	backup_exec	10.0	Yes
Application	symantec_veritas	backup_exec	10.0_build10.0.5484	Yes
Application	symantec_veritas	backup_exec	10.0_build10.0.5520	Yes
Application	symantec_veritas	backup_exec	10.1	Yes
Application	symantec_veritas	backup_exec	10.1.325.6301	Yes
Application	symantec_veritas	backup_exec	10.1.326.1401	Yes
Application	symantec_veritas	backup_exec	10.1.326.2501	Yes
Application	symantec_veritas	backup_exec	10.1.326.3301	Yes
Application	symantec_veritas	backup_exec	10.1.327.401	Yes
Application	symantec_veritas	backup_exec	10.1_build10.1.5629	Yes

References

http://secunia.com/advisories/21472 Vendor Advisory ([email protected])
http://securityreason.com/securityalert/1380 ([email protected])
http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html ([email protected])
http://securitytracker.com/id?1016683 ([email protected])
http://seer.entsupport.symantec.com/docs/284623.htm Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/647796 US Government Resource ([email protected])
http://www.securityfocus.com/archive/1/443037/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/19479 ([email protected])
http://www.vupen.com/english/advisories/2006/3266 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/28336 ([email protected])
http://secunia.com/advisories/21472 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/1380 (af854a3a-2127-422b-91ae-364da2661108)
http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016683 (af854a3a-2127-422b-91ae-364da2661108)
http://seer.entsupport.symantec.com/docs/284623.htm Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/647796 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/443037/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/19479 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3266 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28336 (af854a3a-2127-422b-91ae-364da2661108)