CVE-2006-4128: Buffer Overflow
First published: Mon Aug 14 2006(Updated: )
Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veritas Backup Exec | =9.1 | |
| Veritas Backup Exec | =9.1_build9.1.4691 | |
| Veritas Backup Exec | =9.2 | |
| Veritas Backup Exec | =10.0 | |
| Veritas Backup Exec | =10.0_build10.0.5484 | |
| Veritas Backup Exec | =10.0_build10.0.5520 | |
| Veritas Backup Exec | =10.1 | |
| Veritas Backup Exec | =10.1.325.6301 | |
| Veritas Backup Exec | =10.1.326.1401 | |
| Veritas Backup Exec | =10.1.326.2501 | |
| Veritas Backup Exec | =10.1.326.3301 | |
| Veritas Backup Exec | =10.1.327.401 | |
| Veritas Backup Exec | =10.1_build10.1.5629 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html
- http://seer.entsupport.symantec.com/docs/284623.htm
- http://www.securityfocus.com/bid/19479
- http://securitytracker.com/id?1016683
- http://secunia.com/advisories/21472
- http://www.kb.cert.org/vuls/id/647796
- http://securityreason.com/securityalert/1380
- http://www.vupen.com/english/advisories/2006/3266
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28336
- http://www.securityfocus.com/archive/1/443037/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-4128?
CVE-2006-4128 is considered a critical severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2006-4128?
To fix CVE-2006-4128, upgrade to the latest version of Symantec VERITAS Backup Exec that addresses this vulnerability.
What products are affected by CVE-2006-4128?
CVE-2006-4128 affects multiple versions of Symantec VERITAS Backup Exec, specifically versions 9.1, 9.2, and 10.1 Remote Agents for Windows Server.
What type of vulnerability is CVE-2006-4128?
CVE-2006-4128 is classified as a heap-based buffer overflow vulnerability.
Can CVE-2006-4128 be exploited remotely?
Yes, CVE-2006-4128 can be exploited remotely, allowing attackers to execute arbitrary code.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec veritas
- canonical/veritas backup exec
- version/veritas backup exec/9.1
- version/veritas backup exec/9.1_build9.1.4691
- version/veritas backup exec/9.2
- version/veritas backup exec/10.0
- version/veritas backup exec/10.0_build10.0.5484
- version/veritas backup exec/10.0_build10.0.5520
- version/veritas backup exec/10.1
- version/veritas backup exec/10.1.325.6301
- version/veritas backup exec/10.1.326.1401
- version/veritas backup exec/10.1.326.2501
- version/veritas backup exec/10.1.326.3301
- version/veritas backup exec/10.1.327.401
- version/veritas backup exec/10.1_build10.1.5629