|
08.16.05
Veritas Flaw Exposes Systems To Attacks
 By David Utter
Symantec, which now owns Veritas, has issued a Critical
alert and a patch for Veritas Backup Exec and NetBackup for NetWare. Left
unpatched, the flaw could allow a remote attacker to gain access to data on a
system.
Worse, an exploit of the flaw has been found in the wild. That exploit affects
the problem with the product's Network Data Management Protocol agent, according
to a statement from the French Security Incident Response Team. Attackers using
the Metasploit penetration toolkit have been hammering away wherever they can
find an open TCP port 10,000.
Firewalls that block the port in question will repel these attacks. Only trusted
systems on a network should be allowed to connect to that port. Symantec has recommended
that users patch their systems as soon as possible. Remote Agents on Unix and
Linux servers are also vulnerable, along with the Windows and NetWare versions
of Backup Exec and Remote Agent, and the NetBackup for NetWare product line.
About the Author:
David Utter is a staff writer for WebProNews covering technology and business. |
