Veritas Exploit on the Web
Via The SANS ISC Daily Handler's Diary.
FrSIRT has notified the ISC that a new exploit has been released utilizing the Stack Overflow vulnerability in Veritas Netbackup Enterprise Server. As a reminder, a specifically crafted packet, sent to the Volume Manager via port 13701, will cause a stack overflow, allowing the attacker to run code of her/his choosing. Authentication by the attacker is not needed to take advantage of this vulnerability.
The vulnerability that this exploit takes advantage of is ~60 days old. The downside of this exploit is that, in one pass, an attacker would have the ability to create a disaster, and then destroy a company's ability to recover from said disaster.
posted by Fergie @ 1/16/2006 04:12:00 PM
0 Comments:
Post a Comment
<< Home