Symantec Patches Critical Hole

Symantec has patched several Veritas products suffering from remote access holes.

By Michael Hall | Posted Aug 15, 2005
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Symantec has announced that several of its Veritas products are vulnerable to a remote access vulnerability.

According to an advisory updated over the weekend, VERITAS Backup Exec for Windows Servers, VERITAS Backup Exec for NetWare Servers, and NetBackup for NetWare Media Server Option all suffer from a vulnerability that could allow "unauthorized remote access and the downloading of arbitrary files."

Symantec reported that the exploit is the product of manipulating an encrypted but static password transferred during authentication with the software, and that a public exploit has already been found.

The company has rated the risk impact of the exploit "high," but noted that risks posed by it can be "substantially mitigated" by closing port 10000 at the firewall. Symantec has also released IPS/IDS (define) signatures for several of its security products, including ManHunt, Gateway Security, Client Security, and its Network Security Appliance 7100.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter