Buffer Overflow in Symantec Backup Exec for Windows Servers
CVE-2008-5408

Currently unrated

Key Information:

Vendor: Symantec
Status: Backup Exec For Windows Server
Vendor: CVE Published:; 10 December 2008

Summary

A buffer overflow vulnerability exists in the data management protocol of Symantec Backup Exec for Windows Servers versions 11.0 (11d) builds 6235 and 7170, as well as 12.0 build 1364 and 12.5 build 2213. This flaw allows remote authenticated users to crash the application, potentially leading to a denial of service and the execution of arbitrary code. Intriguingly, this vulnerability can also be exploited by unauthenticated remote attackers through the manipulation of an associated weakness (CVE-2008-5407).

References

http://www.securitytracker.com/id?1021246

vdb-entryx_refsource_SECTRACK

http://seer.entsupport.symantec.com/docs/314528.htm

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/3209

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Dec 8, 2008