Open Source and information security mailing list archives
 
Message-ID: <MMEPLEIAKBGICDPPJENCAEIFCCAA.marcus.beaman@state.or.us>
Date: Tue, 15 Apr 2003 13:41:32 -0700
From: "Marcus Beaman" <marcus.beaman@...te.or.us>
To: <bugtraq@...urityfocus.com>
Subject: Veritas BackupExec 9.0 may ship with unpatched MS SQL Desktop Engine


I don't know if this is worth posting, but I've not seen it run across bugtraq yet, and we at the state found out the hard way:

-Marcus

<snip>
Veritas BackupExec 9.0 that recently shipped out on CD to registered owners (like us)
is vulnerable to the SQL Slammer worm. 
http://seer.support.veritas.com/docs/254244.htm
For some reason, Veritas shipped the CDs with an old, unpatched version of MS
SQL Desktop Engine that is vulnerable.  It took the worm less than two hours
to find the box I upgraded to BackupExec 9.0 on this morning and have it
spewing 20mb/sec onto the network (impressive for an old dual PPro 200).  
If you know of anyone else running BackupExec on their servers, you may want
to warn them before they try to upgrade to the new version.  BackupExec 8.x is
apparently not vulnerable unless it's also running the Network Storage
Executive.
-Greg
</snip>


