CVE-2006-4128

critical

Description

Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28336

http://www.vupen.com/english/advisories/2006/3266

http://www.securityfocus.com/bid/19479

http://www.securityfocus.com/archive/1/443037/100/0/threaded

http://www.kb.cert.org/vuls/id/647796

http://seer.entsupport.symantec.com/docs/284623.htm

http://securitytracker.com/id?1016683

http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html

http://securityreason.com/securityalert/1380

http://secunia.com/advisories/21472

Details

Source: Mitre, NVD

Published: 2006-08-14

Updated: 2018-10-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical