mailing list archives
Re: Veritas BackupExec (remote DoS)
From: Michael Owen <mowen () COSTCO COM>
Date: Tue, 16 Jan 2001 08:45:25 -0800
I am using Backup system from Veritas Software
and its Linux agent. That agent is listening TCP-socket (8192 in my
system) and if someone makes connection to that socket, but
do not send
anything to it, the agent hangs forever, even if you close that
connection. For example portscanners make it to hang.
I reported this to Bugtraq in the Summer of 98, and it still hasn't been
fixed. For about 8 months after that, a Seagate (the previous owner of
BackupExec) rep would email me every 2 weeks stating that it would be fixed
in a future version. It looks like it still hasn't been fixed. This will
work on any of the desktop agents (I've tested AIX, Solaris and win95).