Information Technology Services: Alerts Archive

ALARM Group ALERT (ALARM, The Computing Alert System)
Alert Number:  081205-01
Alert Date:  08/12/0
Alert Title:  New exploit for VERITAS Backup Exec Remote Agent for Windows
Update-to:  none
OS/Platform/Application:
Backup Exec 10.0 for Windows Servers
Backup Exec 9.1 for Windows Servers
Backup Exec 9.0 for Windows Servers
Backup Exec 8.x for Windows Servers
Category:  ALERT
Severity:  HIGH
Attention:  Windows System Administrators running build(s) of Veritas Backup Exec listed above.

Summary:  Multiple Internet security agencies are reporting a new vulnerability in the Veritas Backup Exec suite of products (running on Windows Servers). Because of the potential ramifications of a compromise (remote access, code execution, file retrieval), the majority of these agencies are listing the vulnerability as a critical issue.

Recommended Actions:  At the time of this writing, Veritas has not issued a hotfix for this vulnerability. System Administrators who maintain vulnerable builds of this product are encouraged to check the vendor's software alerts page frequently (link provided below) and, if appropriate, apply the necessary hotfixes when they are made available. See 'ITS Actions' (below) for additional information that may affect your operations.

ITS Actions:  In keeping with the recommendations of several major Internet security agencies, ITS is temporarily blocking port 10000 traffic (inbound from the Internet) to reduce the potential for widespread infection. An update will be issued if this situation changes.

Resources:
Veritas Software Alerts Page
FrSIRT description of vulnerability

University at Albany homepage