Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4347

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2007-4347
Last Modified 07 Mar 2011 09:58:24
Published 29 Nov 2007 06:46:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4347

Summary

Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.

Vulnerable Systems

Application

  • Symantec Backupexec System Recovery 11.0.6235

  • Symantec Backupexec System Recovery 11.0.7170


References

BID - 26029

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html

SECUNIA - 26975

VUPEN - ADV-2007-4019

SECTRACK - 1019001

MISC - http://secunia.com/secunia_research/2007-74/advisory/

XF - backupexec-bengine-dos(38677)

BUGTRAQ - 20071128 SYM07-029 Symantec BEWS Multiple DoS in Job Engine

BUGTRAQ - 20071128 Secunia Research: Symantec Backup Exec Job Engine Denial of Service


Last Updated: 27 May 2016 10:45:50