Attackers target Veritas security hole
A week-old flaw in Veritas backup software is being used by intruders to enter company systems, experts have warned.
Malicious code to exploit a vulnerability in Veritas Software's Backup Exec Remote Agent for Windows is publicly available, the U.S. Computer Emergency Readiness Team said in an alert Thursday. The organization has received reports of attacks and has seen an increase in scanning activity on TCP Port 10000, an indication that hackers are looking for vulnerable systems.
The buffer overflow flaw in the Veritas software could allow an intruder to gain control of a vulnerable system. The tool is used to trigger backup of data on Microsoft Windows servers, to protect the data from computer crashes, storage system catastrophes and other risks. It listens for commands addressed to TCP Port 10000 and accepts links to the backup server before the backup. However, it fails to properly validate incoming packets, Veritas said in an advisory last week.
The Backup Exec Remote Agent bug is one of several flaws in Backup Exec products that Veritas provided fixes for last week. The problem was discovered by security company iDefense, the storage company said.
The company and US-CERT are urging companies to apply the patches. For protection, they could also use a firewall to filter traffic on Port 10000 to accept only commands from backup servers, US-CERT said.
A Veritas representative said the company is not aware of any attacks on customer systems.
Veritas is in the process of merging with security specialist Symantec.