Several systems on campus have been hacked through this vulnerability. Please
verify that the proper hotfixes have been applied to any Backup Exec
installation. The following is from the Veritas web site.
Joe
--
Joe Budzyn
301 Computer Center Ph: (517) 432-7448
Michigan State University
East Lansing, MI 48824
--------------------------------------------------------------------------------
Document ID: 273419
http://support.veritas.com/docs/273419
Remote exploitation of a stack-based buffer overflow vulnerability in Backup
Exec 8.6 and 9.x may allow the unauthorized execution of arbitrary code.
Details:
The vulnerability specifically exists within the function responsible for
receiving and parsing registration requests. The issue allows a remote
attacker to execute arbitrary code under the privileges of one of the
VERITAS Backup Exec (tm) service processes, which is usually a domain
administrative account.
A hotfix is available for the following versions of Backup Exec:
Backup Exec 8.6 installations should have the following hotfix applied:
Be86hf68_273850.exe 8.60.3878 Hotfix 68 - Backup Exec (Buffer overflow
creates a security hole in Agent Browser)
http://support.veritas.com/docs/273850
Note: Backup Exec 8.6 installations must be upgraded to Backup Exec 8.6
Build 3878 prior to the installation of this hotfix.
Backup Exec 9.0 installations should have the following hotfix applied:
Be4454RF30_274298.exe 9.0.4454 Hotfix 30 - Backup Exec (buffer overflow
creates a security hole in agent browser)
http://support.veritas.com/docs/274298
Note: Backup Exec 9.0 4454 installations must be upgraded to
Backup Exec 9.0 4454 Service Pack 1 prior to the installation of this hotfix.
Note: Backup Exec 9.0 installations can be upgraded to Backup Exec 9.1 4691
Service Pack 1 free of charge. If an upgrade is performed, use the patch below.
Backup Exec 9.1 installations should have the following hotfix applied:
Be4691RHF40_273420.exe 9.1.4691 Hotfix 40 - Backup Exec (buffer overflow
creates a security hole in agent browser)
http://support.veritas.com/docs/273420
Note: Backup Exec 9.1 installations must be upgraded to Backup Exec 9.1
Build 4691 Service Pack 1 prior to the installation of this hotfix.
Workaround for all Backup Exec versions:
To avoid this issue in any version of Backup Exec, a firewall can be used to
restrict incoming connections to trusted workstations running Backup Exec
software.
Note: VERITAS Technical Services recommends that Backup Exec installations
always be kept at the latest version, build, and hotfix level available. It
is also recommended that a full backup be performed prior to and after any
changes are made to a software environment. If you have any questions or
concerns about this issue, please contact VERITAS Technical Services.
VERITAS Software has acknowledged that the above-mentioned issue may be
present in earlier versions of the product which are no longer supported.
There are no plans to address this issue by way of a patch or hotfix in any
end-of-life versions of the product at the present time. The issue has been
addressed in all supported versions of the product specified at the end of
this article. If you have an unsupported version of the product, you will
have to move to a supported version of the product to apply the patch or
implement the workaround mentioned above.
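As an added example (not from the advisory or from Veritas), the following Python script reconciles a constructed host inventory against the hotfix, build and service-pack levels listed above, flagging hosts that still need the hotfix, hosts that cannot take it yet because the prerequisite build or service pack is missing, and hosts on unsupported versions that need an upgrade or the firewall workaround. The inventory line format and host names are assumptions.

```python
import re

# Required hotfix per Backup Exec version, with the build and service-pack
# level the advisory says must be in place before the hotfix can be applied.
# Versions are keyed as the advisory writes them (8.6 appears as 8.60.3878).
REQUIRED = {
    "8.60": {"hotfix": "HF68", "build": 3878, "sp": 0},
    "9.0":  {"hotfix": "HF30", "build": 4454, "sp": 1},
    "9.1":  {"hotfix": "HF40", "build": 4691, "sp": 1},
}

# Constructed inventory lines (hypothetical hosts): name, major.minor.build,
# service pack, comma-separated hotfixes or "-" for none.
INVENTORY = """\
backup01 8.60.3878 SP0 HF68
backup02 9.0.4454 SP1 -
backup03 9.1.4691 SP0 HF40
backup04 9.1.4691 SP1 HF12,HF40
backup05 8.50.1234 SP0 -
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\.(\d+)\.(\d+)\s+SP(\d+)\s+(\S+)$")


def assess(line):
    """Classify one inventory line; returns (host, status, detail)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable inventory line: {line!r}")
    host, major, minor, build, sp, fixes = m.groups()
    version, build, sp = f"{major}.{minor}", int(build), int(sp)
    applied = set() if fixes == "-" else set(fixes.split(","))
    req = REQUIRED.get(version)
    if req is None:
        return host, "unsupported", f"{version} has no hotfix; upgrade or use the firewall workaround"
    # A recorded hotfix without its prerequisite build/SP is suspect: flag it.
    if build < req["build"] or sp < req["sp"]:
        return host, "prereq-missing", f"needs build {req['build']} SP{req['sp']} before {req['hotfix']}"
    if req["hotfix"] not in applied:
        return host, "vulnerable", f"{req['hotfix']} not applied"
    return host, "patched", f"{req['hotfix']} present"


def report(inventory=INVENTORY):
    """Assess every inventory line and return a dict of host -> status."""
    return {host: status for host, status, _ in map(assess, inventory.splitlines())}


if __name__ == "__main__":
    for line in INVENTORY.splitlines():
        print("%-10s %-15s %s" % assess(line))
```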