Exploit For Unpatched Veritas Backup Bug Circulates

Iria · Aug 12, 2005, 10:26 PM

Veritas Backup Exec has an unpatched vulnerability, Symantec said Friday, and an exploit targeting the buggy backup software is in the wild. The only defense is to filter the ports associated with the program.

"An exploit targeting a previously undisclosed flaw affecting Veritas Backup Exec Agent has been released to the public by the Metasploit Foundation," Symantec's Friday alert read.

According to Symantec, a logic bug in the backup software can be exploited to bypass authentication, and give an attacker full access to the system. With that control in hand, the hacker can then tell the Backup Exec Agent to connect to a port designated by the intruder, and transfer any file via the port to a remote PC.
__________
Read More / Source: TechWeb

Aug 12, 2005, 10:26 PM	#1
Iria DriverHeaven Extreme Member Join Date: Apr 2004 Posts: 7,275 Rep Power: 87	Exploit For Unpatched Veritas Backup Bug Circulates Veritas Backup Exec has an unpatched vulnerability, Symantec said Friday, and an exploit targeting the buggy backup software is in the wild. The only defense is to filter the ports associated with the program. "An exploit targeting a previously undisclosed flaw affecting Veritas Backup Exec Agent has been released to the public by the Metasploit Foundation," Symantec's Friday alert read. According to Symantec, a logic bug in the backup software can be exploited to bypass authentication, and give an attacker full access to the system. With that control in hand, the hacker can then tell the Backup Exec Agent to connect to a port designated by the intruder, and transfer any file via the port to a remote PC. __________ Read More / Source: TechWeb