Symantec Patches Critical Hole

By Michael Hall | Aug 15, 2005 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3527561/Symantec-Patches-Critical-Hole.htm

Symantec has announced that several of its Veritas products are vulnerable to a remote access vulnerability.

According to an advisory updated over the weekend, VERITAS Backup Exec for Windows Servers, VERITAS Backup Exec for NetWare Servers, and NetBackup for NetWare Media Server Option all suffer from a vulnerability that could allow "unauthorized remote access and the downloading of arbitrary files."

Symantec reported that the exploit is the product of manipulating an encrypted but static password transferred during authentication with the software, and that a public exploit has already been found.

The company has rated the risk impact of the exploit "high," but noted that risks posed by it can be "substantially mitigated" by closing port 10000 at the firewall. Symantec has also released IPS/IDS (define) signatures for several of its security products, including ManHunt, Gateway Security, Client Security, and its Network Security Appliance 7100.