Networker flaws

Discussion in 'Backup Software' started by astrog, Jan 20, 2006.

  1. astrog

    astrog Guest

    Backup software flaws pose risk

    By Joris Evers

    Story last modified Wed Jan 18 17:46:00 PST 2006

    Two makers of backup software are dealing with security holes that could
    let an outsider hijack customers' systems.

    EMC has issued patches for flaws in its NetWorker product, while code
    that takes advantage of a known vulnerability in Veritas' NetBackup has
    been publicly released.

    Customers were warned Monday that there are three bugs in NetWorker. One
    may result in a system crash, which would lead to a denial of service.
    The other two could assist an unauthorized user to commandeer the
    computer running the vulnerable backup and data recovery software, the
    company said in a security alert.

    EMC has a fix out for NetWorker 7.2.1. Other versions, specifically
    NetWorker 7.1.4 and 7.3, are not at risk because the necessary code
    changes have already been made, the company said. To date, there are no
    reported attacks that exploit the flaws, EMC noted. The three
    vulnerabilities were outlined by security company iDefense on Tuesday.

    By contrast, companies that use Veritas NetBackup are more likely to
    face attacks. Earlier this week, computer code that takes advantage of a
    known vulnerability in the software was publicly posted on the Internet
    by the French Security Incident Response Team, a security intelligence

    "Immediately after the FrSIRT public release of the exploit against
    Veritas NetBackup, scanning for TCP/13701 started to increase
    dramatically," the SANS Internet Storm Center, which tracks network
    threats, said Wednesday. (TCP/13701 is the port used by the malicious
    code in its attack.)

    The NetBackup vulnerability was disclosed in November, also by iDefense.
    A buffer overflow vulnerability exists in a shared component of the
    backup product. A successful attack could cause the vulnerable software
    to crash or give an outsider control over the system, according to a
    Symantec alert. Symantec acquired Veritas Software last year.

    Patches for NetBackup are available. The affected software are versions
    5.0.0 and 5.1.0 of the NetBackup Client, NetBackup Enterprise Server and
    NetBackup Server, according to Symantec.

    Data backup tools have become easy targets for attackers, the SANS
    Institute said last year in a security update. Serious security
    vulnerabilities have been disclosed in products from several vendors,
    including Computer Associates and Veritas.

    Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

    astrog, Jan 20, 2006