Symantec warns of Veritas flaw

Symantec warned a flaw in Veritas Backup Exec for Windows and NetWare servers that could allow an attacker to gain remote access to a backup server.

Symantec, which acquired Veritas Software earlier this summer, issued patches for the flawed products and also updated its security products to ward off attempts to exploit the vulnerability.

A public exploit for the flaw has been released to the Metasploit penetration testing framework, according to Symantec.

The company advised customers to immediatly apply updates and said the risk from the vulnerability can be "substantially mitigated if port 10000 is not available outside of the permimeter network."

SANS Internet Storm Center reported late last week that that it had seen an increase in scans for port 10000 and advised any users of Backup Exec to deny access to that port from all untrusted networks.

The problem involves a remote access vulnerability that could allow unauthorized remote access and downloading of arbitrary files from and to a backup server, according to Symantec.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.