[NT] Symantec BEWS Multiple DoS in Job Engine



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Symantec BEWS Multiple DoS in Job Engine
------------------------------------------------------------------------


SUMMARY

Symantec Backup Exec for Windows Servers (BEWS) may be susceptible to
multiple denial of service attacks (DoS) if maliciously formatted packets
are passed to the BEWS Job Engine.

DETAILS

Vulnerable Systems:
* Symantec Backup Exec for Windows Servers 11d (1.0.6235)
* Symantec Backup Exec for Windows Servers 11d (11.0.7170)

Secunia Research notified Symantec of three DoS issues involving erroneous
packet handling affecting components of the Symantec Backup Exec for
Windows Servers Job Engine. One is a null-pointer dereference issue that
crashes the listening service, and two additional issues involving integer
overflows that can force the service into an infinite loop resulting in
memory exhaustion or high CPU utilization. Successful exploitation
requires access to the affected port. In normal installations this would
require the attacker to have authorized but non-privileged access to the
network on which the targeted server resides to leverage network
communications. A successful attack could result in termination of the
targeted service and loss of scheduling services or potentially loss of
access to the application until the service is restarted or the targeted
activity ceases.

Symantec Response
Symantec engineers have addressed this issue in all affected builds of the
identified product. Security updates are available for all affected
product builds.

Symantec strongly recommends all customers apply the latest security
update as indicated for their supported product versions to protect
against threats of this nature. Symantec knows of no exploitation of or
adverse customer impact from these issues.

The patch listed above for affected products is available from the
following location:
Build 6235: <http://support.veritas.com/docs/294241>
http://support.veritas.com/docs/294241
Build 7170: <http://support.veritas.com/docs/294237>
http://support.veritas.com/docs/294237

Best Practices
As part of normal best practices, Symantec recommends:
* Restrict access to administration or management systems to authorized
privileged users
* Block remote access to all ports not essential for efficient operation
* Restrict remote access, if required, to trusted/authorized systems only
* Remove/disable unnecessary accounts or restrict access according to
security policy as required
* Run under the principle of least privilege where possible
* Keep all operating systems and applications updated with the latest
vendor patches
* Follow a multi-layered approach to security. Run both firewall and
antivirus applications, at a minimum, to provide multiple points of
detection and protection to both inbound and outbound threats
* Deploy network intrusion detection systems to monitor network traffic
for signs of anomalous or suspicious activity. This may aid in detection
of attacks or malicious activity related to exploitation of latest
vulnerabilities

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4346>
CVE-2007-4346,
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4347>
CVE-2007-4347


ADDITIONAL INFORMATION

The information has been provided by <mailto:secure@xxxxxxxxxxxx>
Symantec Secure.
The original article can be found at:
<http://www.symantec.com/avcenter/security/Content/2007.11.27.html>
http://www.symantec.com/avcenter/security/Content/2007.11.27.html



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.