August 2005
Exploitation of Veritas Backup Exec Windows Agent Vulnerability
ID: 00679
Ref: 628/05
Date: 12 August 2005:17:05:45
Version: 1
Title: Exploitation of Veritas Backup Exec Windows Agent Vulnerability
Abstract:
Vendors affected: Veritas
Operating systems affected: Veritas
Applications affected: Veritas
Title
=====
Exploitation of Veritas Backup Exec Windows Agent Vulnerability
Detail
======
UNIRAS is aware of reports that a "zero day" remote file access exploit for Veritas
Backup Exec Windows Agent has been published on the Internet. A "zero day" exploit
is one that is believed to use a vulnerability for which no patch has been issued.

We have not verified these reports. However, we are aware of an increase in
scans of systems on port 10000, which Backup Exec uses.

UNIRAS recommends that backup installations should not be directly exposed to the
Internet. Where remote access is required (for example, to back up across wide
area links), such traffic should be protected using virtual private networking
techniques. UNIRAS also recommends that system administrators review their use of
port 10000, and consider limiting access as appropriate.
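
One way to carry out the review of port 10000 recommended above is to check firewall logs for TCP connections to that port from outside the networks that are meant to reach backup agents. The following is an added example, not part of the UNIRAS briefing. It assumes netfilter LOG-style lines; the allowed networks, the sample log, the sweep threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

BACKUP_PORT = 10000  # port the advisory says Backup Exec uses
# Assumption: networks permitted to reach backup agents (media servers, VPN pool).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.99.0.0/16")]

# Constructed sample lines in netfilter LOG style (documentation address ranges).
SAMPLE_LOG = """\
Aug 12 09:01:02 fw kernel: IN=eth0 OUT= SRC=10.20.0.5 DST=10.1.1.40 PROTO=TCP SPT=40112 DPT=10000 SYN
Aug 12 09:03:10 fw kernel: IN=eth1 OUT= SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=51001 DPT=10000 SYN
Aug 12 09:03:10 fw kernel: IN=eth1 OUT= SRC=203.0.113.77 DST=198.51.100.11 PROTO=TCP SPT=51002 DPT=10000 SYN
Aug 12 09:03:11 fw kernel: IN=eth1 OUT= SRC=203.0.113.77 DST=198.51.100.12 PROTO=TCP SPT=51003 DPT=10000 SYN
Aug 12 09:07:45 fw kernel: IN=eth1 OUT= SRC=192.0.2.14 DST=198.51.100.10 PROTO=TCP SPT=33990 DPT=10000 SYN
Aug 12 09:08:00 fw kernel: IN=eth1 OUT= SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=51004 DPT=443 SYN
Aug 12 09:09:30 fw kernel: IN=eth1 OUT= SRC=192.0.2.99 DST=198.51.100.10 PROTO=UDP SPT=5353 DPT=10000
Aug 12 09:10:00 fw kernel: IN=eth1 OUT= SRC=not-an-ip DST=198.51.100.10 PROTO=TCP SPT=1 DPT=10000 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def review(log_text, allowed=ALLOWED_NETS, port=BACKUP_PORT):
    """Return {source: set(destinations)} for TCP hits on `port` from outside `allowed`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
        except (KeyError, ValueError):
            continue  # skip malformed or truncated log lines
        if any(src in net for net in allowed):
            continue  # expected backup traffic
        hits[str(src)].add(f.get("DST", "?"))
    return dict(hits)

def likely_scanners(hits, min_targets=3):
    """Sources that touched many distinct hosts look like sweeps, not stray clients."""
    return sorted(s for s, dsts in hits.items() if len(dsts) >= min_targets)

if __name__ == "__main__":
    hits = review(SAMPLE_LOG)
    for src, dsts in sorted(hits.items()):
        print(src, len(dsts), sorted(dsts))
    print("probable sweeps:", likely_scanners(hits))
```

Any source this reports is reaching port 10000 without being on the allowed list, which identifies where access should be limited or moved behind a VPN.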