August 2005
Symantec - Three Veritas Technical Advisories
ID: 00683
Ref: 632/05
Date: 15 August 2005:16:33:29
Version: 1
Title: Symantec - Three Veritas Technical Advisories
Abstract:
Vendors affected: Symantec
Applications affected: Symantec
Detail
======
Symantec have issued three technical advisories relating to Veritas products.
The following are extracts from the advisories and links to the advisory web pages:
1. VERITAS NetBackup (tm) for NetWare Media Servers Security Advisory:
Unauthorized downloading of arbitrary files
"This is a critical technical issue for:
VERITAS NetBackup BusinessServer
VERITAS NetBackup DataCenter
VERITAS NetBackup Enterprise Server
VERITAS NetBackup Server
VERITAS NetBackup for NetWare Media Servers"
"NetBackup for NetWare Media Servers is susceptible to a vulnerability regarding
the unauthorized downloading of arbitrary files. A remote attacker can exploit
this vulnerability and download arbitrary files from the NetWare media server. A
metasploit framework exploit is available and there are reports of this
vulnerability currently being exploited in the wild. This exploit can be performed
on media servers running the NetWare Media Server option. This exploit is
specific to systems running the NetWare Media Server option and does not affect
the Network Data Management Protocol (NDMP) agent."
http://support.veritas.com/docs/278430
2. VERITAS Backup Exec for NetWare Servers Security Advisory: Unauthorized
downloading of arbitrary files
"This is a critical technical issue for:
VERITAS Backup Exec 9.0 and 9.1 for NetWare Servers"
"Backup Exec 9.0 and 9.1 for NetWare Servers is susceptible to a vulnerability that
may allow an unauthorized remote attacker to download arbitrary files. A metasploit
framework exploit is available and there are reports of this vulnerability currently
being exploited in the wild. Backup Exec media servers as well as machines using the
Remote Agent for NetWare (RANW) or Remote Agent for Windows Servers (RAWS) are
susceptible to this vulnerability.
Note: The risk for this issue can be substantially mitigated if port 10000 is not
available outside of the perimeter network."
http://support.veritas.com/docs/278431
3. VERITAS Backup Exec for Windows Servers Security Advisory: Unauthorized
downloading of arbitrary files
"This is a critical technical issue for:
VERITAS Backup Exec for Windows Servers"
"Backup Exec for Windows Servers versions 8.6, 9.0, 9.1 and 10.0 are susceptible to
a vulnerability that may allow an unauthorized remote attacker to download arbitrary
files. A metasploit framework exploit is available, and there are reports of this
vulnerability currently being exploited in the wild. Backup Exec media servers as
well as machines using the Remote Agent for Windows Servers (RAWS) and Remote Agent
For Linux and Unix Servers (RALUS) are susceptible to this vulnerability.
Note: The risk for this issue can be substantially mitigated if port 10000 is not
available outside of the perimeter network."
http://support.veritas.com/docs/278434
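
One way to check a Windows backup host against the port 10000 mitigation quoted in advisories 2 and 3, as an added example that is not part of the original advisories: it reads `netstat -an` output and reports non-loopback listeners on TCP port 10000 and any peers connected to that port from outside the perimeter. The perimeter ranges, the function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

AGENT_PORT = "10000"  # port named in the advisories' mitigation note
# Assumption: address ranges treated as inside the perimeter network.
PERIMETER = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]

def split_endpoint(endpoint):
    """Split '192.168.1.5:10000' or '[::]:10000' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    return ipaddress.ip_address(host), port

def audit_port_10000(netstat_text):
    """Return (non_loopback_listeners, outside_peers) from Windows `netstat -an` text."""
    listeners, outside_peers = [], []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows
        try:
            (local_ip, local_port), (peer_ip, _) = map(split_endpoint, parts[1:3])
        except ValueError:
            continue  # row with an address we cannot parse
        if local_port != AGENT_PORT:
            continue
        if parts[3] == "LISTENING":
            # A loopback-only listener is not reachable from the network.
            if not local_ip.is_loopback:
                listeners.append(str(local_ip))
        elif not any(peer_ip in net for net in PERIMETER):
            outside_peers.append((str(peer_ip), parts[3]))
    return listeners, outside_peers

# Constructed sample output (documentation addresses), not from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:10000          0.0.0.0:0              LISTENING
  TCP    192.168.10.5:10000     192.168.10.20:1042     ESTABLISHED
  TCP    192.168.10.5:10000     203.0.113.77:3391      ESTABLISHED
  TCP    192.168.10.5:3389      198.51.100.4:2211      ESTABLISHED
"""

if __name__ == "__main__":
    exposed, outside = audit_port_10000(SAMPLE)
    print("listening beyond loopback on 10000:", exposed)
    print("peers outside the perimeter ranges:", outside)
```

A non-loopback listener is expected on a host running the backup agent; the finding that contradicts the mitigation is a peer outside the perimeter ranges, which means the perimeter filter is not blocking port 10000.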