Vulnerability Description
Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Backupexec System Recovery | 11.0.6235 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/26975 (Patch)
- http://secunia.com/secunia_research/2007-74/advisory/ (Vendor Advisory)
- http://securityresponse.symantec.com/avcenter/security/Content/2007.11.27.html (Patch)
- http://www.securityfocus.com/archive/1/484318/100/0/threaded
- http://www.securityfocus.com/archive/1/484333/100/0/threaded
- http://www.securityfocus.com/bid/26029 (Patch)
- http://www.securitytracker.com/id?1019001
- http://www.vupen.com/english/advisories/2007/4019
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38677
FAQ
What is CVE-2007-4347?
CVE-2007-4347 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of se...
How severe is CVE-2007-4347?
CVE-2007-4347 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4347?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Backupexec System Recovery.