
High Vulnerability Severity in scanning report - due to BackupExec

dfcwong
Not applicable

The following "High Vulnerability Severity" problem is identified after performing security scanning on the server.

<< VERITAS Backup Exec is a backup and recovery software solution for Microsoft Windows and Unix-based operating systems.
VERITAS Backup Exec Agent versions 10.0, 9.1, and 9.0 running on Microsoft Windows Servers could allow a remote attacker to gain
unauthorized access. A remote attacker can access the Network Data Management Protocol (NDMP) agent using built-in authentication
bypass account to gain access to arbitrary files, including system files.

>>

Sush---
Level 6
Employee Accredited Certified

Here are a few technotes which I think address this issue about the High Vulnerability:

http://www.symantec.com/docs/TECH52128 : Symantec Backup Exec 10.x and 11d for Windows Servers: Patch Summary for Security Advisory SYM07-15

http://www.symantec.com/docs/TECH46710 : Patch summary for Symantec Security Advisories SYM06-004 and SYM06-005

http://www.symantec.com/docs/TECH46709 : Symantec Security Advisory SYM06-004 - Backup Exec Remote Agents (RAWS, RANW, & RALUS)

From the information that you have provided I am not sure which Backup Exec version you have, as 10.0 and 9.1 are both mentioned.

But in any case I would strongly recommend keeping Backup Exec updated to the latest Service Pack and Hotfix level, as that would also install the security patches.

Also ensure that the Remote Agents are updated after installing the SP and HF.

Thanks,

-Sush...

teiva-boy
Level 6

You tagged this post as BE 12.x, yet your scan results are for BE v9 and v10?

Either way, this is a non-issue that can be ignored in many ways. 1. Don't install the NDMP option in BE if you don't need it. 2. Use a firewall rule from Windows to restrict the NDMP port so that BE communicates ONLY with an NDMP host. 3. Or upgrade to the newest version of BE. Additionally,

Frankly, that old of a version of BackupExec... Upgrade; it's not the fault of those older builds. Now, if the newer builds had that same vulnerability, then I would say it's an issue.

Hywel_Mallett
Level 6
Certified

Don't install the NDMP option in BE, if you don't need it ...

This vulnerability is in the remote agent, but the licensing information is entered on the media server, so I suspect the agent listens for NDMP commands whether the license is installed or not.

This vulnerability only seems to apply to versions of Backup Exec up to 10. If you're in a position where an issue on a vulnerability scan is going to cause a problem, then I'd expect you to have a more recent version of Backup Exec.

The CVE entry for this issue is at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2611

Hywel_Mallett
Level 6
Certified

Thinking about this further, I think I've seen someone at one point have the same issue, even though they were running an unaffected version of Backup Exec (i.e. newer than version 10).

In that case, the underlying issue was that the vulnerability scanning tool couldn't identify what version of the Backup Exec Remote Agent was installed, so to err on the side of caution, it would report a potential vulnerability if you were running the affected version.

If that's the case, and you're using an unaffected version, then that's your resolution to the issue - your scanning tool is erring on the side of caution.
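As an added example (not posted by anyone in this thread), the following PowerShell script does on the scanned server what the replies above suggest: it reads the Remote Agent's file version locally, which a network scanner cannot see and which is what produces the false positive Hywel describes, and it scopes the NDMP port to the media server as teiva-boy's option 2. It assumes the Remote Agent runs as the service BackupExecAgentAccelerator (beremote.exe), that NDMP listens on TCP 10000, and uses a placeholder media server address; none of those values come from the thread.

```powershell
# Added example, not code from the thread. Assumptions (labelled): service name
# 'BackupExecAgentAccelerator' for the Remote Agent, NDMP on TCP 10000, and a
# placeholder media server address that you must replace.
$MediaServer = '192.0.2.10'   # PLACEHOLDER: address of your Backup Exec media server
$NdmpPort    = 10000          # assumed NDMP / Remote Agent port

# 1. Locate the Remote Agent binary through its service and read its file version.
#    This is the check the remote scanner could not perform, so it reported the
#    finding "to err on the side of caution".
$svc = Get-CimInstance Win32_Service -Filter "Name='BackupExecAgentAccelerator'"
if (-not $svc) { Write-Warning 'Backup Exec Remote Agent service not found'; return }
$exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
$ver = [version](Get-Item $exe).VersionInfo.FileVersion
Write-Host "Remote Agent binary: $exe (file version $ver)"

# 2. The advisory quoted in the question lists 9.0, 9.1 and 10.0 as affected.
#    A hotfixed 10.0 build may still carry a 10.0.x file version, so for 10.0
#    confirm the patch level against the technotes Sush linked rather than this test.
$inAffectedRange = ($ver.Major -lt 10) -or ($ver.Major -eq 10 -and $ver.Minor -eq 0)
if ($inAffectedRange) {
    Write-Warning "Version $ver is within the affected 9.x/10.0 range; patch or upgrade."
} else {
    Write-Host "Version $ver is newer than the affected builds; the scan finding is likely a false positive."
}

# 3. Allow inbound NDMP only from the media server. Windows Firewall evaluates
#    Block rules before Allow rules, so do not add a catch-all Block on the port;
#    rely on the profile's default inbound action being Block instead.
$ruleName = 'Backup Exec NDMP - media server only'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $NdmpPort -RemoteAddress $MediaServer -Action Allow | Out-Null
}
Get-NetFirewallProfile | Where-Object { $_.DefaultInboundAction -ne 'Block' } | ForEach-Object {
    Write-Warning "Profile $($_.Name) does not block inbound by default; the NDMP allow rule alone will not restrict access."
}
```

Run it elevated on the server that was scanned; the version line is what you would attach to the scan finding when marking it a false positive.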