VERITAS Backup Exec for Windows Servers Security Advisory: Unauthorized downloading of arbitrary files
Details:
This issue affects the following versions of VERITAS Backup Exec (tm) for Windows Servers along with their respective Remote Agent for Windows Servers (RAWS) and Remote Agent for Linux and Unix Servers (RALUS):
- Backup Exec 8.6 for Windows Servers
- Backup Exec 9.0 for Windows Servers
- Backup Exec 9.1 for Windows Servers
- Backup Exec 10.0 for Windows Servers
What is affected?
Backup Exec for Windows Servers versions 8.6, 9.0, 9.1 and 10.0 are susceptible to a vulnerability that may allow an unauthorized remote attacker to download arbitrary files. A Metasploit Framework exploit is available, and there are reports of this vulnerability currently being exploited in the wild. Backup Exec media servers as well as machines running the Remote Agent for Windows Servers (RAWS) and Remote Agent for Linux and Unix Servers (RALUS) are susceptible to this vulnerability.
Note: The risk from this issue can be substantially mitigated if TCP port 10000 is not reachable from outside the perimeter network.
Formal Resolution
The issue has been resolved in the following Backup Exec hotfixes:
- Backup Exec 9.0 4367 for Windows Servers Hotfix 22
- Backup Exec 9.0 4454 for Windows Servers Hotfix 32
- VERITAS Backup Exec (tm) 9.1 for Windows Servers revision 4691 - Service Pack 4 - Includes Critical Security Update
- Backup Exec 10.0 5520 for Windows Servers Hotfix 15
- Backup Exec 10.0 5520 Hotfix 16 - Remote Agent for Linux/UNIX Servers (RALUS) update
- Backup Exec 10.0 5484 for Windows Servers Hotfix 30
- Backup Exec 10.0 5484 Hotfix 31 - Remote Agent for Linux/UNIX Servers (RALUS) update
Note: Those with Backup Exec 8.6 for Windows Servers will need to either upgrade to a newer version or rely on the workaround.
Workaround Information:
To avoid the issue, implement any of the following workarounds:
- Block external access at the network boundary, unless the service is required by external parties.
- Block external access to the service (TCP port 10000) at the network perimeter. Permit access for trusted or internal computers and networks only.
- Deploy network intrusion detection systems to monitor network traffic for malicious activity.
- Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.
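As an added check (not part of this TechNote), the following Python script verifies the port-blocking workaround above: run from a vantage point outside the perimeter, it probes each listed media server or remote agent host for a reachable TCP port 10000 and reports which hosts are still exposed. The host names are constructed placeholders, and the probe function is injectable so the report logic can be exercised without network access.

```python
import socket
from typing import Callable, Dict, Iterable, List

# TCP port used by the Backup Exec media server and remote agents (RAWS/RALUS);
# the advisory's workaround is to block it at the network perimeter.
BACKUP_EXEC_PORT = 10000

# Constructed sample inventory: hosts that must NOT answer on TCP/10000 from outside.
SAMPLE_HOSTS = ["bemedia01.example.test", "rawsagent02.example.test", "ralus03.example.test"]


def tcp_port_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or unresolvable name
        return False


def audit_port_exposure(hosts: Iterable[str],
                        probe: Callable[[str, int], bool] = tcp_port_reachable,
                        port: int = BACKUP_EXEC_PORT) -> Dict[str, List[str]]:
    """Classify each host as 'exposed' (port reachable) or 'blocked'.

    Run from outside the perimeter to confirm the workaround; a host listed under
    'exposed' still needs a firewall rule or the hotfix. 'probe' is injectable so
    the classification can be tested offline.
    """
    report: Dict[str, List[str]] = {"exposed": [], "blocked": []}
    for host in hosts:
        bucket = "exposed" if probe(host, port) else "blocked"
        report[bucket].append(host)
    return report


def format_report(report: Dict[str, List[str]], port: int = BACKUP_EXEC_PORT) -> str:
    """Render the audit as text, leading with the hosts that still need attention."""
    lines = [f"TCP/{port} reachable from this vantage point (ACTION NEEDED): "
             f"{', '.join(report['exposed']) or 'none'}",
             f"TCP/{port} blocked: {', '.join(report['blocked']) or 'none'}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_port_exposure(SAMPLE_HOSTS)))
```

A reachable port only shows that the perimeter rule is missing; it says nothing about whether the hotfix has been applied, so hosts reported as blocked still need their patch level checked.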
Symantec strongly recommends the following best practices:
1. Check back with this TechNote frequently, as any changes to and fixes for this issue will be reflected here. This document will be updated as more information and/or the resolution become available. It may be necessary to refresh the Web browser during subsequent visits to the web page to view the latest version and information:
http://support.veritas.com/docs/278434
2. Always perform a full backup prior to and after any changes to your environment.
3. Always make sure that your environment is running the latest version and patch level.
If you have any further questions or concerns about this issue, please contact Symantec Enterprise Technical Support.
Products Applied:
Backup Exec for Windows Servers 10.0, 8.6, 9.0, 9.1
Subjects:
Backup Exec for Windows Servers
Application: Backup, Remote Agent For NT
Publishing Status: TechAlert
Remote Agent For Windows Servers: Configure, Troubleshoot
Languages:
English (US)
Operating Systems:
Windows 2000: Advanced Server, Advanced Server Windows Powered, Datacenter Server, Professional, SAK, Server, Server Windows Powered
Windows NT: 4.0 Server, 4.0 Workstation
Windows NT Small Business Server: 2000, 4.0, 4.5
Windows XP: Pro 5.1
Windows Server 2003: DataCenter, Enterprise Server, Standard Server, Storage Server, Web Server