Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Exploit Loose For Veritas NetBackup Bug

Symantec on Tuesday warned users of Veritas NetBackup that a new exploit of a months-old bug is on the prowl, and recommended that administrators patch promptly.

The flaw in NetBackup harks back to early November 2005, when Symantec acknowledged a vulnerability in its Veritas software that could let attackers gain complete control of a system.

"The vulnerability can be exploited before authentication takes place, and as such, is available to any attacker who can connect to the vulnerable daemon," read the original Symantec alert.

A specially crafted packet sent to the NetBackup Volume Manager could conceivably compromise not only the system, but also the data backed up by the software, noted SANS' Internet Storm Center (ISC) late Monday.

"The downside of this exploit is that, in one pass, an attacker would have the ability to create a disaster, and then destroy a company's ability to recover from said disaster," wrote ISC "handler" Tony Carothers on the center's blog.

  • 1