Veritas patches backup flaw
Published: 14 Oct 2005 10:45 BST
Veritas on Wednesday issued a patch for a security flaw in its Java authentication service running on NetBackup servers and clients.
The vulnerability in question could let attackers gain remote access to information stored on backup servers.
For Veritas, owned by security-software giant Symantec, this latest flaw in its backup software is the third security glitch in less than four months. In this case, however, the vulnerability not only affects the server but also client systems, said Johannes Ullrich, chief research officer for the SANS Institute.
NetBackup 4.5, 5.0, 5.1 and 6.0, running on all platforms and all versions, are affected by the vulnerability, according to a posting on Veritas' support site.
An attacker could remotely exploit a flaw in the Java authentication service, bpjava-msvc, running on NetBackup servers and clients. The attacker potentially could then execute code.
"The problem with this vulnerability is it's not only running on all the desktops, but, even worse, if a malicious hacker gets into the backup server, they have access to all your backup information," Ullrich said.
Though no exploit code has been found, hackers are laying the groundwork needed to take advantage of the flaw once exploit code is available, Ullrich noted. Hackers are scanning far more computer systems to ascertain if the systems are vulnerable.
He added that users, especially those who experienced a fallout several months ago from an earlier Veritas vulnerability, are likely to patch the most recent flaw quickly.
"A few months ago, there was a similar (Veritas) backup problem that was widespread and caused a lot of headaches," Ullrich said. "People who didn't patch quickly last time will do it much faster this time."
Did you find this article useful?
82 out of 160 people found this useful
- Share this article:
