US-CERT: Veritas Vulnerability Exploited


The Department of Homeland Security’s US-CERT (Computer Emergency Readiness Team) has issued an alert stating that Veritas Backup Exec software is being actively exploited. The Technical Cyber Security Alert comes a week after the first public disclosure of the Veritas vulnerability.

The active exploitation of Veritas Backup Exec software is the result of a buffer overflow condition that could potentially allow a malicious remote user to execute arbitrary code.

The buffer overflow is triggered by a flaw in how the remote agent software validates incoming packets. Veritas Backup Exec software is a network-enabled recovery and backup solution that listens on TCP port 10000 for incoming connections. Veritas software is shipped by a number of vendors, including NEC and Hitachi.

Security research firm iDefense first discovered the flaw in March and issued a joint public disclosure with Veritas on June 22. According to the iDefense advisory, exploitation does not require authentication and can occur “fairly reliably since the overflow is able to control code execution via the structured exception handler.”

According to Michael Sutton, director of iDefense Labs, a public exploit came out for this vulnerability last Friday.

“Over the weekend, we noticed increased port scanning on port 10000, so it’s safe to assume that the two are related,” Sutton said. “This vulnerability was relatively easy to exploit, so it’s not surprising that a public exploit emerged following the coordinated public disclosure.”

US-CERT confirmed increased scanning activity on port 10000/tcp and that exploit code is publicly available.

“This increase is believed to be attempts to locate vulnerable systems running the Veritas Backup Exec Remote Agent,” the alert states.

Veritas issued a hotfix at the time of its joint public disclosure of the vulnerability with iDefense. Veritas claimed in its advisory that it was “unaware of any adverse customer impact from this issue.” Users were strongly advised to update their software with the hotfix.

“The patch does fix the vulnerability,” Sutton said. “We were able to work with the vendor ahead of time and assist in testing the patch.”

US-CERT and iDefense have also recommended that users implement some form of firewall network perimeter protection to restrict incoming connections to only trusted workstations.
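One way to check that recommendation against firewall logs is sketched below as an added example, not code from US-CERT, iDefense or Veritas. It flags untrusted sources that were allowed through to port 10000/tcp and sources probing several agents; the log format, addresses, trusted range and threshold are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

AGENT_PORT = 10000  # TCP port the article says the remote agent listens on

# Constructed sample firewall log (format and addresses are assumptions).
SAMPLE_LOG = """\
2000-01-01T09:00:01 ALLOW TCP 10.0.5.10:50112 -> 10.0.0.21:10000
2000-01-01T09:00:07 DENY TCP 203.0.113.7:41022 -> 10.0.0.21:10000
2000-01-01T09:00:07 DENY TCP 203.0.113.7:41023 -> 10.0.0.22:10000
2000-01-01T09:00:08 ALLOW TCP 203.0.113.7:41024 -> 10.0.0.23:10000
2000-01-01T09:00:09 ALLOW TCP 198.51.100.4:33000 -> 10.0.0.21:443
2000-01-01T09:00:12 ALLOW TCP 10.0.9.77:40200 -> 10.0.0.22:10000
not a log line
"""

LINE_RE = re.compile(
    r"^(\S+) (ALLOW|DENY) TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def audit(log_text, trusted_cidrs, scan_threshold=3):
    """Report untrusted sources seen on the agent port.

    exposed:  untrusted source -> agents it was ALLOWed to reach (policy gap)
    scanners: untrusted sources that tried >= scan_threshold distinct agents
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    exposed = defaultdict(set)
    touched = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(5)) != AGENT_PORT:
            continue  # malformed line or a different service
        _, action, src, dst, _ = m.groups()
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # octet out of range, e.g. 999.1.1.1
        if any(src_ip in net for net in trusted):
            continue  # connection from a trusted workstation
        touched[src].add(dst)
        if action == "ALLOW":
            exposed[src].add(dst)
    scanners = sorted(s for s, d in touched.items() if len(d) >= scan_threshold)
    return {"exposed": {s: sorted(d) for s, d in exposed.items()}, "scanners": scanners}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, ["10.0.5.0/24"]))
```

Any entry under `exposed` is a connection the perimeter rules should have dropped, including the internal host outside the trusted range.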

Article courtesy of

Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
