Backup software hit with security alerts
Published: 19 Jan 2006 09:50 GMT
Two makers of backup software are dealing with security holes that could let an outsider hijack customers' systems.
EMC has issued patches for flaws in its NetWorker product, while code that takes advantage of a known vulnerability in Veritas' NetBackup has been publicly released.
Customers were warned on Monday there are three bugs in NetWorker. One may result in a system crash, which would lead to a denial of service. The other two could assist an unauthorised user to commandeer the computer running the vulnerable backup and data recovery software, the company said in a security alert.
EMC has a fix out for NetWorker 7.2.1. Other versions, specifically NetWorker 7.1.4 and 7.3, are not at risk because the necessary code changes have already been made, the company said. To date, there are no reported attacks that exploit the flaws, EMC noted. The three vulnerabilities were outlined by security company iDefense on Tuesday.
By contrast, companies that use Veritas NetBackup are more likely to face attacks. Earlier this week, computer code that takes advantage of a known vulnerability in the software was publicly posted on the Internet by the FrSIRT, a security intelligence provider.
"Immediately after the FrSIRT public release of the exploit against Veritas NetBackup, scanning for TCP/13701 [the port used by the exploit] started to increase dramatically," the SANS Internet Storm Centre, which tracks network threats, said on Wednesday.
The NetBackup vulnerability was disclosed in November, also by iDefense. A buffer overflow vulnerability exists in a shared component of the backup product. A successful attack could cause the vulnerable software to crash or give an outsider control over the system, according to a Symantec alert. Symantec acquired Veritas last year.
Patches for NetBackup are available. The affected software are versions 5.0.0 and 5.1.0 of the NetBackup Client, NetBackup Enterprise Server and NetBackup Server, according to Symantec.
Data backup tools have become easy targets for attackers, the SANS Institute said last year in a security update. Serious security vulnerabilities have been disclosed in products from several vendors, including Computer Associates and Veritas.
Did you find this article useful?
64 out of 139 people found this useful
- Share this article:
