Home / Backup Exec users must get patched up

Backup Exec users must get patched up

The U.S. Computer Emergency Response Team (US-CERT) has warned of a security flaw in Veritas Software’s Backup Exec Remote Agent for Windows back-up tool. This flaw allows a hacker to execute malicious codes and attack corporate systems.

The U.S. Computer Emergency Response Team (US-CERT) has warned of a security flaw in Veritas Software’s Backup Exec Remote Agent for Windows back-up tool. This flaw allows a hacker to execute malicious codes and attack corporate systems.

The Remote Agent tool is part of Veritas’ Backup Exec product family, which is used for network-based back-ups, “listens” for commands addressed to the TCP port 10000 to determine when a back-up should begin. According to US-CERT, the software contains a buffer overflow bug, which could allow a hacker to gain control of a vulnerable system. The hacker could then run applications using administrative privileges and take over corporate network in no time.

Apparently, the Remote Agent software does not properly validate incoming network packets, which according to US-CERT is the main cause of buffer overflow. The Backup Exec Remote Agent bug is one of several security holes in Backup Exec products that Veritas provided fixes for last week at http://support.veritas.com.

Although the Middle East office of Veritas was unable to confirm how many users in this region might be affected by this security flaw, the firm did confirm that most users of the product are small and medium-sized companies. The company and US-CERT are urging companies to apply the available patches and to use firewalls to filter traffic on Port 10000 so that only commands from back-up servers are accepted.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.