Results 1 to 6 of 6

Thread: Veritas Backup Exec flaw

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    Veritas Backup Exec flaw

    Haven't seen this posted so...

    A flaw in the product's Network Data Management Protocol agent could allow an attacker to gain access to the system and download files, the Fr-SIRT (French Security Incident Response Team) said in a statement Friday. Fr-SIRT rates the vulnerability as "critical."

    Symantec, which acquired Veritas in July of this year, says it is "not aware of any vendor-supplied patches for this issue," according to its alert. The company recommends that users block access to the TCP (Transmission Control Protocol) port that uses the service in question, port 10000.


    http://www.infoworld.com/article/05/...tasflaw_1.html
    Attacks reported for critical Veritas Backup Exec flaw | InfoWorld | News | 2005-08-12 | By Robert McMillan, IDG News Service

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    do people really expose back-up servers to the internet or map port 10000 to it threw the firewall? what advantage is there to a hacker on the network in going for the back-up copy when the original is there. looks like k-otik changed in name only. it's their code that has the kiddies scanning for port 10k
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    what advantage is there to a hacker on the network in going for the back-up copy when the original is there.
    a lot of people neglect to secure their backup servers. they are much more focused on securing the live stuff. Also, backup servers tend to be monitored less, so it makes them good targets. Also, once you have access to the backup server, you can have a launch pad to several other servers since many companies back up many servers to one central one for easy management.

    Once you are in a backup server you have an easier job of gaining access to the others becasue the backup server has the right to just about all data on other servers its backing up.

    and if the company is good, they will have very up to date backups of current files, also many backup servers are only access durring off hours so you can sneak in and hide in the flow of traffic comming from the backup jobs.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  4. #4
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Actually backup servers are an execellent target. Backup servers backup files on critical machines. As XTC mentioned, this means the backup servers have access to the filesystems of these machines. Tools like backup exec make use of accounts(s) that usually have complete access to most critical machines in an infrastructure. This kind of acount can be just the thing an atacker needs, as they are often times admin level or higher. Also consider that many backup suites (like backup exec) install client pieces as well, making laptops,domain controllers,mailservers,desktops and others vulnerable to attacks as well.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i guess im not fully understanding this exploit...im under the impression that it gives the attacker control of the BUexec remote administration software by overriding its authentication are they then able to access the server it is installed on? the software does not have the ability to 'copy & paste' the files it is able to browse.. just back them up and restore them. if they use the software's ability to back up certain files then restore them to the server the software is on instead of the original location then they would have to 'break out' of the memory space that the the software is running in and access the server directly....no?

    ahh! i might be able to answer my own question here...they could restore the files to a computer they do have access to...is this the case?

    there's allot of sites that have the code for this but its been hard for me to find details as to how it works. i guess i better install meta-sploit so i can see for myself in the future.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    as they are often times admin level or higher.
    backup exec accounts are system level, which mean absolute control.

    ahh! i might be able to answer my own question here...they could restore the files to a computer they do have access to...is this the case?
    or change the backup location, or whats being backed up. From what I read there is more room for destruction than control. It also opens doors to newer exploits (small hole turns to BIG hole if not plugged)
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •