Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Critical Veritas attack code loose

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Critical Veritas attack code loose
Date: Tue, 16 Aug 2005 01:21:32 -0500 (CDT) 
http://www.techworld.com/security/news/index.cfm?NewsID=4215

By Robert McMillan
IDG News Service
15 August 2005

Attackers are exploiting an unpatched hole in Symantec's Veritas
Backup Exec Agent for Windows, the company has warned.

A flaw in the product's Network Data Management Protocol agent could
allow an attacker to gain access to the system and download files, the
Fr-SIRT (French Security Incident Response Team) said in a statement
Friday. Fr-SIRT rates the vulnerability as "critical".

Symantec, which acquired Veritas in July of this year, says it is "not
aware of any vendor-supplied patches for this issue". The company
recommends that users block access to the TCP port that uses the
service in question, port 10,000.

The Metasploit penetration testing toolkit already takes advantage of
this vulnerability, and there are reports that exploits for the flaw
are already being used by attackers, Symantec said.

The SANS Internet Storm Center said on its website on Friday that it
has seen a jump in scans for port 10,000, and it advises Backup Exec
users to block access to that port from all untrusted network.

The flaw affects versions 8.x, 9.0, 9.1, and 10.0 of Backup Exec for
Windows Servers, Fr-SIRT said.




_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Critical Veritas attack code loose, InfoSec News <=
Previous by Date:  [ISN] Zotob worm finds its path limited, InfoSec News
Next by Date:  [ISN] NSF grants target cybersecurity research projects, InfoSec News
Previous by Thread:  [ISN] Zotob worm finds its path limited, InfoSec News
Next by Thread:  [ISN] NSF grants target cybersecurity research projects, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]