FKIE_CVE-2006-4128

Vulnerability from fkie_nvd - Published: 2006-08-14 23:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.
References
cve@mitre.orghttp://secunia.com/advisories/21472Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/1380
cve@mitre.orghttp://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html
cve@mitre.orghttp://securitytracker.com/id?1016683
cve@mitre.orghttp://seer.entsupport.symantec.com/docs/284623.htmVendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/647796US Government Resource
cve@mitre.orghttp://www.securityfocus.com/archive/1/443037/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19479
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3266
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28336
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21472Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1380
af854a3a-2127-422b-91ae-364da2661108http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016683
af854a3a-2127-422b-91ae-364da2661108http://seer.entsupport.symantec.com/docs/284623.htmVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/647796US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443037/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19479
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3266
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28336
Impacted products
Vendor Product Version
symantec_veritas backup_exec 9.1
symantec_veritas backup_exec 9.1_build9.1.4691
symantec_veritas backup_exec 9.2
symantec_veritas backup_exec 10.0
symantec_veritas backup_exec 10.0_build10.0.5484
symantec_veritas backup_exec 10.0_build10.0.5520
symantec_veritas backup_exec 10.1
symantec_veritas backup_exec 10.1.325.6301
symantec_veritas backup_exec 10.1.326.1401
symantec_veritas backup_exec 10.1.326.2501
symantec_veritas backup_exec 10.1.326.3301
symantec_veritas backup_exec 10.1.327.401
symantec_veritas backup_exec 10.1_build10.1.5629
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:9.1:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "E11FD33B-E9E1-4C1D-A3C2-622A99637B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:9.1_build9.1.4691:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "0113460A-3653-471F-8CBC-DADDB8019424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:9.2:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "F0FE14BC-EC55-41D8-A3B2-01E5D713C537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.0:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "4D552062-F18D-4800-9618-C1A5F967F7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.0_build10.0.5484:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "398B0C1C-3969-4664-A175-AF149DE701BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.0_build10.0.5520:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "CA98695D-2217-419A-8CEA-8EE30FEF6A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.1:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "D1C409F7-A4AA-4693-AFB2-8DCA9E9AB928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.1.325.6301:*:*:*:*:*:*:*",
              "matchCriteriaId": "62FDC7A0-1BDF-4BE6-ACC0-9508092A07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.1401:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B46764B-6B34-414D-AD39-61A0C645F940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.2501:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E7CF0C-3200-4976-B57B-91BDB8F50C47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.1.326.3301:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F47DBE4-186F-4064-8FEF-FA36050B2074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.1.327.401:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AAC413A-B3BA-4AD4-9BD4-0BFC4355451E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec_veritas:backup_exec:10.1_build10.1.5629:*:windows_server_remote_agent:*:*:*:*:*",
              "matchCriteriaId": "5CAE4CB5-9716-4C34-A7F2-BA8133ECBA38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message."
    },
    {
      "lang": "es",
      "value": "M\u00faliples desbordamientos de b\u00fafer en Symantec VERITAS Backup Exec para Netware Server Remote Agent para Windows Server 9.1 y 9.2 (todas las construcciones), Backup Exec Continuous Protection Server Remote Agent para Windows Server 10.1 (10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, y 10.1.327.401), y Backup Exec para Windows Server y Remote Agent 9.1 (9.1.4691), 10.0 (10.0.5484 y 10.0.5520), y 10.1 (10.1.5629) permite a un atacante remoto provocar denegaci\u00f3n de servicio (caida de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de mensajes RPC manipulados."
    }
  ],
  "id": "CVE-2006-4128",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-14T23:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1380"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016683"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://seer.entsupport.symantec.com/docs/284623.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/647796"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443037/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3266"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://seer.entsupport.symantec.com/docs/284623.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/647796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443037/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28336"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.