A design error in Symantecs Veritas Backup Exec and NetBackup data storage products could put businesses at risk of system access and file download attacks, the company said in an advisory.
Immediately after releasing patches to correct the vulnerability, the Cupertino, Calif.-based network security vendor warned that a public exploit had been posted to the Metasploit Framework.
The publication of the exploit increases the urgency for Veritas Backup Exec and NetBackup users of applying the fixes, Symantec Corp. said in an advisory detailing the risks.
Affected products include Veritas Backup Exec for Windows Servers, Veritas Backup Exec for NetWare Servers and Veritas NetBackup for NetWare Media Server.
The company also provided updates to Symantec ManHunt 3.0, Symantec Network Security 7100 Series, Symantec Gateway Security 2.0 and Symantec Client Security 3.0 to help customers detect attempts to exploit the vulnerability.
Customers running unsupported product versions are strongly advised to upgrade to the latest supported version and apply all updates. “The risk for this issue can be substantially mitigated if port 10000 is not available outside of the perimeter network,” Symantec said.
The company has recommended that businesses deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity.
“This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities. As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up to date,” Symantec added.
According to an alert from FRSIRT (French Security Incident Response Team), the flaw carries a “critical” rating and was due to a design error in which the NDMP (Network Data Management Protocol) agent can be accessed via a hard-coded root password.
“[This] could be exploited by remote attackers to gain access to a vulnerable system and read or write arbitrary files from and to the backup server,” FRSIRT said in the advisory.
This is the second time this year that patches for flaws the Veritas Backup Exec have been released. In June, Veritas flagged and fixed a batch of vulnerabilities that put users at risk of privilege escalation and denial-of-service attacks.
Earlier this month, Computer Associates International Inc. also reported security holes in its enterprise backup software.
The bug was described as a buffer overflow in the BrightStor ARCServe Backup and BrightStor Enterprise Backup application agent code used on Windows platform. A remote attacker successfully exploiting the vulnerability could get access to a users system, CA warned.
Exploit code for that flaw was also publicly released.
