A patch has been made available for Veritas Backup Exec, which is vulnerable to a buffer overflow exploit.
An increase of port scanning for machines listening on 10000/tcp for incoming connections led the US CERT team to believe malicious activity targeted at a new vulnerability was taking place.
The Veritas Backup Exec Remote Agent for Windows Servers turned out to be the application listening for those connections. Upon investigation, it was found a buffer overflow could allow a remote attacker to execute arbitrary code with administrative privileges on a system.
The company has released a patch to correct the problem. US-CERT and security company iDefense have verified the patch does correct the problem.
For further protection, administrators should ensure connections through a firewall to port 10000 be limited only to backup servers specifically. Veritas is in the process of merging with security company Symantec, which offers firewall products in its catalog.
David Utter is a staff writer for WebProNews covering technology and business. Email him here.
RealNetworks Releases A Real PatchWindows DCOM RPC ExploitMicrosoft Enjoys Mild Patch Tuesday It's Not Just Microsoft's Patch Tuesday AnymoreWindows XP Flaw Needs A PatchMicrosoft Admins Celebrate Patch TuesdayMicrosoft Releases WMF Patch EarlyOfficial Windows Mobile Daylight Savings PatchPeregrine Systems Integrates Patch Management ProgramMicrosoft Release Cumulative Security Patch For Internet Explorer
     |
RSS
Home
Newsletter
Advertising
Comments
Post new comment