
VERITAS Software Security Advisory VX05-002 and BackupExec 8.6

Warren_Selby
Not applicable
Is version 8.6 rev 3878 affected by this vulnerability?
8 REPLIES

Chris_Jimenez
Level 3
I second this question; we still have about 30-40% of servers with v8.6.

Jan_Kristensen
Not applicable
I would also like to see an answer to that question. But if 9.x and 10.x are affected, most likely the same flaws exist in 8.6. Don't you think?

Would be nice though to see a Veritas statement on this version.

Brandon_Steili
Level 4
We went ahead and followed the steps outlined in the workaround listed on this site anyway...

http://www.idefense.com/application/poi/display?id=272&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=269&type=vulnerabilities


Better safe than sorry....but I'm sure if you just HAD to know, you could quite easily find the code for the proof of concept and try it yourself...

Ken_Putnam
Level 6
If you look at the bottom of http://seer.support.veritas.com/docs/276604.htm Veritas lists only v9 and v10 builds as vulnerable

Brandon_Steili
Level 4
That's likely because it wasn't tested by Veritas. According to the group that made the find:

iDEFENSE has confirmed the existence of this vulnerability in Backup Exec for Windows Servers versions 9.1 and 10.0. It is suspected that earlier versions are also vulnerable.

8.x versions are fairly well out of date, so I don't blame them (Ver) for not testing it, but it still would be nice to know for sure. Either way, it's better to know you're covered than to find out the hard way that just because they didn't explicitly say your version, didn't mean it wasn't going to hit you.

Ork_Gandalf
Not applicable
Perhaps versions 8.5 and 8.6 are not listed in the Veritas document because these versions are end-of-life. But I also wonder if they are vulnerable or not.

ED_JONES
Level 3
So for version 8.6 I assume we can only block ports from the outside?

Ports 10000

and

Filter inbound TCP traffic on port 6106 to only trusted clients.

???????

Bob_Emmons
Level 2
I did get a response from the company in the version 9.0 forum telling me how to upgrade to supported versions to apply the patch (which we already knew), but still no definitive statement that the earlier versions are vulnerable.