[Dshield] Veritas Backup Exec Windows Agent Remote File Access Exploit

Mark Tombaugh mtombaugh at alliedcc.com
Sat Aug 13 12:55:31 GMT 2005


On Fri, 2005-08-12 at 19:10 -0500, Frank Knobbe wrote:
> On Fri, 2005-08-12 at 18:49 -0500, Frank Knobbe wrote:
> >  I mean,
> > if you are authenticated and authorized to BACKUP using the hard coded
> > root account, aren't you also able to RESTORE data to the server?

You would think, looking at the exploit and the pcap (72 6f 6f 74) would
have clued me in. To save some face, I was talking about the ummm
metasploit plugin in particular... ;p

Frank is, unfortunately, correct.

http://seer.support.veritas.com/docs/278434.htm

A better workaround imo, check the date and status of your last full
backups, disable all Remote Agent for Windows services.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mark Tombaugh mtombaugh at alliedcc.com Allied Computer Corp
Research Triangle Park www.alliedcc.com tel:(919)598-8900
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





More information about the list mailing list