Hello,
To determine if the RAWS service failure is in fact due to such an attack, check to see if the FAULT occurs in the function "DeasciifyAndDecrypt" within the Dr Watson log. The following iDEFENSE article gives a great deal of detail on the Vulnerability and gives a Windows Debugger (WinDbg) break down of a user.dmp from such a service failure:
Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow Vulnerability
http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities&flashstatus=true
You can also get to this article by starting from our Security Advisory, click on the iDEFENSE link, and then click on the Vulnerability that mentions VERITAS Backup Exec and a Buffer Overflow (ADVISORY 06.23.05 : Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow Vulnerability). We may be modifying the VERITAS advisory to include a direct link to the iDEFENSE related advisory
NOTE : If we do not receive your reply within two business days, this post would be marked assumed answeredand would be moved toanswered questions pool.