Symantec Backup Exec for Windows Servers Denial of Service Vulnerabilities
High
Nessus Plugin ID 28361
Synopsis
The remote Windows host contains an application that is affected by several denial of service vulnerabilities.
Description
Backup Exec for Windows Servers, a commercial backup product from Symantec, is installed on the remote host.
The version of the Backup Exec Job Engine, bengine.exe, installed as part of Backup Exec for Windows Servers on the remote host contains a NULL pointer dereference error when handling exceptions. Using a specially crafted packet, an attacker can leverage this issue to crash the affected service.
In addition, it is affected by two overflow errors that can cause the service to enter an infinite loop, resulting in high CPU utilization and/or memory exhaustion.
Solution
Apply the appropriate hotfix according to the vendor advisories above.