Thursday, June 30, 2005

US-CERT: Veritas Vulnerability Exploited

Sean Michael Kerner writes in

The Department of Homeland Security's (DHS) US-CERT (Computer Emergency Readiness Team) issued an alert stating that Veritas Backup Exec Software is being actively exploited. The Technical Cyber Security Alert comes a week after the first public disclosure of the Veritas vulnerability.

The active exploitation of Veritas' Backup Exec software is the result of a buffer overflow condition that could potentially allow a malicious remote user to execute arbitrary code.

The buffer overflow is triggered by a flaw in how the remote agent software validates incoming packets. Veritas Backup Exec software is a network-enabled recovery and backup solution that listens on TCP port 10000 for incoming connections. Veritas software is shipped by a number of vendors, including NEC and Hitachi.

