Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5408

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-5408
Last Modified 07 Mar 2011 10:14:33
Published 10 Dec 2008 01:44:42
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-5408

Summary

Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.

Vulnerable Systems

Application

  • Symantec Backup Exec For Windows Server 11d

  • Symantec Backup Exec For Windows Server 12.0

  • Symantec Backup Exec For Windows Server 12.5


References

BID - 32346

CONFIRM - http://seer.entsupport.symantec.com/docs/314528.htm

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html

XF - backupexec-dataprotocol-bo(46731)

VUPEN - ADV-2008-3209

SECTRACK - 1021246

SECUNIA - 32810


Last Updated: 27 May 2016 10:48:48