ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Enterprise applications Toolkit

Backup software hit with security alerts

Joris Evers CNET News.com

Published: 19 Jan 2006 09:50 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Two makers of backup software are dealing with security holes that could let an outsider hijack customers' systems.

EMC has issued patches for flaws in its NetWorker product, while code that takes advantage of a known vulnerability in Veritas' NetBackup has been publicly released.

Customers were warned on Monday there are three bugs in NetWorker. One may result in a system crash, which would lead to a denial of service. The other two could assist an unauthorised user to commandeer the computer running the vulnerable backup and data recovery software, the company said in a security alert.

EMC has a fix out for NetWorker 7.2.1. Other versions, specifically NetWorker 7.1.4 and 7.3, are not at risk because the necessary code changes have already been made, the company said. To date, there are no reported attacks that exploit the flaws, EMC noted. The three vulnerabilities were outlined by security company iDefense on Tuesday.

By contrast, companies that use Veritas NetBackup are more likely to face attacks. Earlier this week, computer code that takes advantage of a known vulnerability in the software was publicly posted on the Internet by the FrSIRT, a security intelligence provider.

"Immediately after the FrSIRT public release of the exploit against Veritas NetBackup, scanning for TCP/13701 [the port used by the exploit] started to increase dramatically," the SANS Internet Storm Centre, which tracks network threats, said on Wednesday.

The NetBackup vulnerability was disclosed in November, also by iDefense. A buffer overflow vulnerability exists in a shared component of the backup product. A successful attack could cause the vulnerable software to crash or give an outsider control over the system, according to a Symantec alert. Symantec acquired Veritas last year.

Patches for NetBackup are available. The affected software are versions 5.0.0 and 5.1.0 of the NetBackup Client, NetBackup Enterprise Server and NetBackup Server, according to Symantec.

Data backup tools have become easy targets for attackers, the SANS Institute said last year in a security update. Serious security vulnerabilities have been disclosed in products from several vendors, including Computer Associates and Veritas.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
64 out of 139 people found this useful


Full Talkback thread

0 comments


Company/Topic Alerts

Create a new alert from the list below:












Related Jobs

Asset Management company London seeks Desktop support analyst

Expertise required Three years experience of user support and system administration in a Microsoft Windows environment Windows XP & Vista, Microsoft ...

Pre-sales Consultant-NAS Storage, De-duplication,VTLs, NFS, CiFS iSCSI

Pre-sales Consultant-NAS Storage, De-duplication,VTLs, NFS, CiFS FCP iSCSI, HBA Server Conneectivity, Veritas Netbackup, Disaster Recovery, Windows, ...

NT SYSTEMS ENGINEER - CITRIX PS4 - FINANCE - 50K

The successful candidate will have extensive experience of: - Administering Windows 2003 server - Active Directory - Exchange2003 - Citrix PS4 - MS ...

Featured Talkback

The internet is going to have do a lot of maturing before it is ready for this kind of traffic. Security is always going to be a problem, connectivity is poor, and most business's are unwilling for their employees to have open access.

By: ator1940

Read full story:
Microsoft prepares to take Office online