Symantec confirms security flaws in Veritas NetBackup

Symantec has confirmed there are security vulnerabilities in its Veritas NetBackup products, which are used widely across businesses.

Both IBM and 3Com subsidiary Tipping Point notified Symantec of security holes in the backup products, which could allow remote attackers to take over users’ systems.

IBM said it had notified Symantec of code errors in the Veritas software that affected NetBackup versions 5.0, 5.1 and 6.0.

“The vulnerability exists in the main NetBackup service and allows attackers to trigger the service to execute malicious commands,” said IBM.

Peter Allor, director of intelligence for IBM Internet Security Systems, said, “This vulnerability can be exploited remotely with no user interaction, allowing attackers to obtain control of affected machines up to administrative privileges.”

Symantec’s security update and a patch for the problem can be found at:

www.symantec.com/avcenter/security/Content/2006.12.13a.html

Comment on this article: computer.weekly@rbi.co.uk