Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: a6148.htm

Veritas BackupExec 9.0 is vulnerable to Slammer worm
16th Apr 2003 [SBWID-6148]

	Veritas BackupExec 9.0 is vulnerable to Slammer worm


	Veritas BackupExec 9.0


	Marcus    Beaman    [marcus(dot)beaman(at)state(dot)or(dot)us]     found
	Veritas BackupExec 9.0 that recently shipped out  on  CD  to  registered
	owners is vulnerable to the SQL Slammer worm.
	For some reason, Veritas shipped the CDs with an old, unpatched  version
	of MS SQL Desktop Engine that is vulnerable. It took the worm less  than
	two hours to find the box I upgraded to BackupExec 9.0 on  this  morning
	and have it spewing 20mb/sec onto the network  (impressive  for  an  old
	dual PPro 200). If you know of anyone else running BackupExec  on  their
	servers, you may want to warn them before they try  to  upgrade  to  the
	new version. BackupExec 8.x is apparently  not  vulnerable  unless  it's
	also running the Network Storage Executive.


	firewall the MSQL port, or ask veritas for a patch

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH