copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Publications » AusCERT Web Log » AusCERT2008 and an alleged vulnerability in Symantec...
 

AusCERT2008 and an alleged vulnerability in Symantec Veritas Backup Exec for Windows Servers
Date: 05 October 2007

Click here for printable version
AusCERT 2008 confrence call for papers

This week, AusCERT announced the call for papers for AusCERT2008. We would
really like to see our membership better represented on the AusCERT2008
program, so we encourage all our members to submit a presentation or tutorial
for consideration:

http://conference.auscert.org.au/conf2008/cfp2008.html

Or alternatively, we'd like to hear from our membership for ideas on
interesting presenters who you think may make a good addition to the program.


Symantec Veritas Backup Exec vulnerability??

There has been an alleged vulnerability in Symantec Veritas Backup Exec for
Windows Servers 11d put up on the WabiSabiLabi vulnerability auction site:

http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000147

At this point it would be easy to launch into a rant about this site that is
"to bring the world closer to zero risk". But I'll leave that for another blog
entry.

So, there may be unpatched vulnerability in Symantec Veritas Backup Exec that
is to be soon sold and potentially used publicly. So, as with any backup
product, access to server ports used for backup should be restricted to the
backup client, and vice versa for client ports. All backup service ports should
not be accessible from outside your organisation.


Regards,
Rob and Richard


Comments? Click here http://www.auscert.org.au/render.html?cid=7066&it=8163