Summary:  Information Security personnel at several Universities (Including the University at Albany) and other Internet Monitoring organizations have reported an uptick in data traffic on TCP port 10000. A linkage between the spike in TCP port 10000 traffic and a recently-proven exploit on Veritas BackupExec products has been confirmed by various network security authorities. Potential outcomes of successful exploit include Denial of Service (DoS) and remote code execution.

Recommended Actions:  Veritas has hotfixes available to address this vulnerability. System Administrators who maintain vulnerable builds of these products are encouraged to read the vendor's documentation (links provided below) and (if appropriate) apply the necessary hotfixes.

ITS Actions:  At this time, ITS is taking no specific campus-wide actions to counter this event. An update will be issued if this situation changes.

Resources:
iDefense narrative on event
**NOTE** This page contains broken link(s).

SANS description of event

Veritas Documentation:
http://support.veritas.com/docs/276156
http://support.veritas.com/docs/275911
http://support.veritas.com/docs/275909
http://support.veritas.com/docs/275514
http://support.veritas.com/docs/277423
http://support.veritas.com/docs/277421
http://support.veritas.com/docs/276156
http://support.veritas.com/docs/275909
http://support.veritas.com/docs/264658
http://support.veritas.com/docs/277497
http://support.veritas.com/docs/277498

http://seer.support.veritas.com/docs/276604.htm
http://seer.support.veritas.com/docs/276605.htm
http://seer.support.veritas.com/docs/276606.htm
http://seer.support.veritas.com/docs/276607.htm
http://seer.support.veritas.com/docs/276608.htm
http://seer.support.veritas.com/docs/276533.htm
**NOTE** ABOVE LINK (276533) MAY BE BROKEN
http://seer.support.veritas.com/docs/277485.htm