CVE-2006-1297
CVSS 5.0
Published: 2006-03-19 18:02:00
Last revised: 2011-03-07 21:32:44

[Original] Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors."


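[CNNVD] Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities (CNNVD-200603-326)

        An unspecified vulnerability exists in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1. Attackers can cause a denial of service (application crash or unavailability) due to "memory errors."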

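- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource access]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]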

- CPE (Affected Platforms and Products)

cpe:/a:symantec_veritas:backup_exec_remote_agent:windows_server_10.0
cpe:/a:symantec_veritas:backup_exec_remote_agent:unix_linux_server_10.1
cpe:/a:symantec_veritas:backup_exec_remote_agent:netware_server_9.2
cpe:/a:symantec_veritas:backup_exec_remote_agent:netware_server_9.1
cpe:/a:symantec_veritas:backup_exec_remote_agent:windows_server_10.1
cpe:/a:symantec_veritas:backup_exec:netware_server_9.2
cpe:/a:symantec_veritas:backup_exec_remote_agent:windows_server_9.1
cpe:/a:symantec_veritas:backup_exec:netware_server_9.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1297
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1297
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-326
(Official data source) CNNVD

- Other Links and Resources

http://www.symantec.com/avcenter/security/Content/2006.03.17a.html
(PATCH)  CONFIRM  http://www.symantec.com/avcenter/security/Content/2006.03.17a.html
http://xforce.iss.net/xforce/xfdb/25309
(UNKNOWN)  XF  backupexec-app-memory-dos(25309)
http://www.vupen.com/english/advisories/2006/0995
(UNKNOWN)  VUPEN  ADV-2006-0995
http://www.securityfocus.com/bid/17098
(UNKNOWN)  BID  17098
http://www.securityfocus.com/archive/1/archive/1/428016/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060317 Symantec Security Advisory SYM06-004
http://securitytracker.com/id?1015784
(UNKNOWN)  SECTRACK  1015784
http://secunia.com/advisories/19242
(VENDOR_ADVISORY)  SECUNIA  19242
http://securityreason.com/securityalert/597
(UNKNOWN)  SREASON  597

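- Vulnerability Information

Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities
Medium severity  Other
2006-03-19 00:00:00 2006-03-27 00:00:00
Remote
        An unspecified vulnerability exists in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1. Attackers can cause a denial of service (application crash or unavailability) due to "memory errors."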

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links:
        Symantec Backup Exec Continuous Protection Server 10.1.325 .6301
        Symantec CPSPatch_283478.exe
        http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=CPSPatch_283478.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=283478
        Symantec Backup Exec Continuous Protection Server 10.1.326 .2501
        Symantec CPSPatch_283478.exe
        http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=CPSPatch_283478.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=283478
        Symantec Backup Exec Continuous Protection Server 10.1.326 .1401
        Symantec CPSPatch_283478.exe
        http://seer.support.veritas.com/downloads/export.asp?ddProduct=BEWNT&file=CPSPatch_283478.exe&source=1&url=/pub/support/products/Backup_Exec_for_WindowsNT/&id=283478
        

- Vulnerability Information

24003
VERITAS Backup Exec Unspecified Memory Access DoS
Denial of Service
Loss of Availability

- Vulnerability Description

Unknown or Incomplete

- Timeline

2006-03-17 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities
Failure to Handle Exceptional Conditions 17098
Yes No
2006-03-17 12:00:00 2006-06-05 10:57:00
These issues were identified by the vendor.

- Affected Program Versions

Veritas Software Backup Exec for NetWare Servers 9.1.1156
Veritas Software Backup Exec for NetWare Servers 9.1.1154
Veritas Software Backup Exec for NetWare Servers 9.1.1152 .4
Veritas Software Backup Exec for NetWare Servers 9.1.1152
Veritas Software Backup Exec for NetWare Servers 9.1.1151 .1
Veritas Software Backup Exec for NetWare Servers 9.1.1127 .1
Veritas Software Backup Exec for NetWare Servers 9.1.1067 .3
Veritas Software Backup Exec for NetWare Servers 9.1.1067 .2
Veritas Software Backup Exec for NetWare Servers 9.1.307
Veritas Software Backup Exec for NetWare Servers 9.1.306
Symantec Remote Agent for Linux Servers 10.1
Symantec Remote Agent for Linux Servers 10.0
Symantec NetBackup for Netware Media Server Option 6.0
Symantec NetBackup for Netware Media Server Option 5.1
Symantec NetBackup for Netware Media Server Option 5.0
Symantec NetBackup for Netware Media Server Option 4.5 MP
Symantec NetBackup for Netware Media Server Option 4.5 FP
Symantec Backup Exec for Windows Server Remote Agent 9.1
Symantec Backup Exec for Windows Server Remote Agent 10.1
Symantec Backup Exec for Windows Server Remote Agent 10.0
Symantec Backup Exec for Netware Servers Remote Agent 9.2
Symantec Backup Exec for Netware Servers Remote Agent 9.1
Symantec Backup Exec for Netware Servers 9.2
Symantec Backup Exec Continuous Protection Server 10.1.326 .2501
Symantec Backup Exec Continuous Protection Server 10.1.326 .1401
Symantec Backup Exec Continuous Protection Server 10.1.325 .6301

- Vulnerability Discussion

Veritas Backup Exec is prone to multiple remote denial-of-service vulnerabilities.

These issues result in memory violations and memory exhaustion and lead to denial-of-service conditions in the affected applications. A restart is required to regain normal functionality in most cases.

Various versions of Backup Exec for Windows, Linux, and NetWare are vulnerable. NetBackup for NetWare Media Server Option releases, and Backup Exec Continuous Protection Server are also affected.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Symantec has released advisory SYM06-004 to address these issues. Please see the references for more information about obtaining fixes.


Symantec Backup Exec Continuous Protection Server 10.1.325 .6301

Symantec Backup Exec Continuous Protection Server 10.1.326 .2501

Symantec Backup Exec Continuous Protection Server 10.1.326 .1401

- Related References
