IBM announced that its Internet Security Systems X-Force research and development team has discovered and preÃ‚Âemptively protected customers from a vulnerability in Symantec’s Veritas NetBackup 5.0, 5.1 and 6.0. The vulnerability exists in the main NetBackup service and allows attackers to trigger the service to execute malicious commands.
Veritas NetBackup is a data protection system used in UNIX, Windows, Linux and NetWare environments. It allows remote users to enable backup and recovery operations.
“This vulnerability can be exploited remotely with no user interaction, allowing attackers to obtain control of affected machines up to administrative privileges,” said Peter Allor, director of intelligence for IBM Internet Security Systems. “Not all enterprises securely deploy Veritas NetBackup, so since it is widely used in enterprise environments, we are urging companies to take immediate action to resolve this issue.”
The ISS X-Force advisory on this vulnerability can be found at:
Symantec’s security update and a patch for this issue can be found at: http://www.symantec.com/avcenter/security/Content/2006.12.13a.html