US-CERT has released the following warning concerning the VERITAS Backup Exec Remote Agent for Windows Servers.
VERITAS Backup Exec Remote Agent for Windows Servers uses hard-coded administrative authentication credentials. An attacker with knowledge of these credentials and access to the Remote Agent could retrieve arbitrary files from a vulnerable system.
Description
VERITAS Backup Exec Remote Agent for Windows Servers is a data backup and recovery solution that supports the Network Data Management Protocol (NDMP). NDMP "...is an open standard protocol for enterprise-wide backup of heterogeneous network-attached storage." By default, the Remote Agent listens for NDMP traffic on port 10000/tcp.
The VERITAS Backup Exec Remote Agent uses hard-coded administrative authentication credentials. An attacker with knowledge of these credentials and access to the Remote Agent may be able to retrieve arbitrary files from a vulnerable system. The Remote Agent runs with SYSTEM privileges.
Exploit code, including the credentials, is publicly available. US-CERT has also seen reports of increased scanning activity on port 10000/tcp. This increase may be caused by attempts to locate vulnerable systems.
US-CERT is tracking this vulnerability as VU#378957.
Please note that VERITAS has recently merged with Symantec.
Impact
A remote attacker with knowledge of the credentials and access to the Remote Agent may be able to retrieve arbitrary files from a vulnerable system.
Solution: restrict access
US-CERT recommends taking the following actions to reduce the chances of exploitation:
* Use firewalls to limit connectivity so that only authorized backup server(s) can connect to the Remote Agent. The default port for this service is port 10000/tcp.
* At a minimum, implement some basic protection at the network perimeter. When developing rules for network traffic filters, realize that individual installations may operate on non-standard ports.
* In addition, changing the Remote Agent's default port from 10000/tcp may reduce the chances of exploitation. Please refer to VERITAS support document 255174 for instructions on how to change the default port.
For more information, please see US-CERT Vulnerability Note VU#378957 at http://www.us-cert.gov/cas/techalerts/TA05-224A.html
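To check that the filtering recommended above is actually in place, the following added example (not part of the US-CERT advisory or of any VERITAS tooling) scans a firewall log in the W3C-style layout Windows Firewall writes to pfirewall.log and reports inbound TCP connections to the Remote Agent port from hosts that are not authorized backup servers. The backup server address, the port set and the sample log lines are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the advisory): the authorized backup server address
# and every log line below are constructed for illustration.
AUTHORIZED_BACKUP_SERVERS = {ipaddress.ip_address("10.0.0.20")}
AGENT_PORTS = {10000}  # add any non-standard port the Remote Agent was moved to

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-08-16 09:00:01 ALLOW TCP 10.0.0.20 10.0.0.5 49152 10000 0 - 0 0 0 - - - RECEIVE
2005-08-16 09:03:17 ALLOW TCP 192.0.2.44 10.0.0.5 40211 10000 0 - 0 0 0 - - - RECEIVE
2005-08-16 09:03:18 DROP TCP 198.51.100.7 10.0.0.5 40212 10000 0 - 0 0 0 - - - RECEIVE
2005-08-16 09:05:40 ALLOW TCP 192.0.2.44 10.0.0.5 40300 445 0 - 0 0 0 - - - RECEIVE
2005-08-16 09:06:02 ALLOW UDP 192.0.2.44 10.0.0.5 40301 10000 0 - - - - - - - RECEIVE
"""

def unauthorized_agent_connections(log_text, ports=AGENT_PORTS,
                                   allowed=AUTHORIZED_BACKUP_SERVERS):
    """Return (timestamp, action, src_ip, dst_port) for each inbound TCP record
    to a Remote Agent port whose source is not an authorized backup server."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the records below
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        try:
            src = ipaddress.ip_address(rec["src-ip"])
            dport = int(rec["dst-port"])
        except (KeyError, ValueError):
            continue                       # malformed or port-less (ICMP) record
        # Logs without a "path" column are treated as inbound.
        if rec.get("protocol") != "TCP" or rec.get("path", "RECEIVE") != "RECEIVE":
            continue
        if dport in ports and src not in allowed:
            findings.append((f'{rec["date"]} {rec["time"]}', rec["action"],
                             str(src), dport))
    return findings

if __name__ == "__main__":
    for ts, action, src, port in unauthorized_agent_connections(SAMPLE_LOG):
        # ALLOW means the filter let an unauthorized host reach the agent.
        print(f"{ts} {action:5} {src} -> {port}/tcp")
```

An ALLOW finding means an unauthorized host reached the agent and the filter rules need tightening; DROP findings show the scanning activity the advisory mentions being blocked.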

Date: 16th August 2005 • Region: US • Type: Article • Topic: Warnings