On Friday major company Symantec announced to IT consultants and users there was a flaw in its Backup Exec storage program. This vulnerability could allow remote attacks on machines and the ability for those attacking to get full control of a machine and view and manipulate sensitive information on corporate networks. This issue is said to affect versions 9.1 and 9.2 of Backup Exec for NetWare Servers and Remote Agent for Windows Servers.
Symantec has already designed fixes to help IT consultants and companies deal with the NetWare problems, but is still investigating flaws in Backup Exec for Windows Servers, Backup Exec Continuous Protection Server (CPS), Remote Agent and other types of Backup Exec Remote Agents.
This particular flaw impacts RPC, the remote procedure call in Backup Exec and if exploited could allow remote attackers the ability to send dangerous code to applications and get control over a machine. Even unsuccessful attacks could cause denial-of-service attacks on systems, according to Symantec and other IT consultants looking at the problems.
This same RPC protocol in charge of an application running on one PC to communicate to another computer was part of the problem in the 2003 Blaster worm that shut down many Windows PCs without any action by users.
The latest vulnerability was discovered by Ron Gula, CTO at Tenable Network Security in Columbia, Maryland. He and other IT consultants looking at the issue have stated that the impact of the flaw is slightly hindered because Backup Exec is typically installed on an internal network and therefore inaccessible from the Internet.
Symantec has declared this flaw is a 10 out of 10 on the danger scale. A year ago, Symantec released a patch for Backup Exec for Windows and NetWare servers that was allowing attackers to control a password in the server and agent authentication process.
Blogged By: Computer Consulting Kit