Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: a6148.htm

Veritas BackupExec 9.0 is vulnerable to Slammer worm



16th Apr 2003 [SBWID-6148]
COMMAND

	Veritas BackupExec 9.0 is vulnerable to Slammer worm

SYSTEMS AFFECTED

	Veritas BackupExec 9.0

PROBLEM

	Marcus    Beaman    [marcus(dot)beaman(at)state(dot)or(dot)us]     found
	following:
	
	Veritas BackupExec 9.0 that recently shipped out  on  CD  to  registered
	owners is vulnerable to the SQL Slammer worm.
	http://seer.support.veritas.com/docs/254244.htm
	
	For some reason, Veritas shipped the CDs with an old, unpatched  version
	of MS SQL Desktop Engine that is vulnerable. It took the worm less  than
	two hours to find the box I upgraded to BackupExec 9.0 on  this  morning
	and have it spewing 20mb/sec onto the network  (impressive  for  an  old
	dual PPro 200). If you know of anyone else running BackupExec  on  their
	servers, you may want to warn them before they try  to  upgrade  to  the
	new version. BackupExec 8.x is apparently  not  vulnerable  unless  it's
	also running the Network Storage Executive.

SOLUTION

	firewall the MSQL port, or ask veritas for a patch


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH