Message-ID: <1661729952-1123890801-cardhu_blackberry.rim.net-30924-@engine123>
Date: Sat Aug 13 00:53:31 2005
From: jasonc at science.org (Jason Coombs)
Subject: Fw: US-CERT Technical Cyber Security Alert TA05-224A -- VERITAS Backup Exec Uses Hard-Coded Authentication Credentials
So, what's the password?
-----Original Message-----
From: CERT Advisory <cert-advisory@...t.org>
Date: Fri, 12 Aug 2005 18:16:36
To: cert-advisory@...t.org
Subject: US-CERT Technical Cyber Security Alert TA05-224A -- VERITAS Backup Exec Uses Hard-Coded Authentication Credentials
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System

Technical Cyber Security Alert TA05-224A

VERITAS Backup Exec Uses Hard-Coded Authentication Credentials

Original release date: August 12, 2005
Last revised: --
Source: US-CERT

Systems Affected

* VERITAS Backup Exec Remote Agent for Windows Servers

Overview

VERITAS Backup Exec Remote Agent for Windows Servers uses
hard-coded administrative authentication credentials. An attacker
with knowledge of these credentials and access to the Remote Agent
could retrieve arbitrary files from a vulnerable system.

I. Description

VERITAS Backup Exec Remote Agent for Windows Servers is a data
backup and recovery solution that supports the Network Data
Management Protocol (NDMP). NDMP "...is an open standard protocol
for enterprise-wide backup of heterogeneous network-attached
storage." By default, the Remote Agent listens for NDMP traffic on
port 10000/tcp.

The VERITAS Backup Exec Remote agent uses hard-coded administrative
authentication credentials. An attacker with knowledge of these
credentials and access to the Remote Agent may be able to retrieve
arbitrary files from a vulnerable system. The Remote Agent runs
with SYSTEM privileges.

Exploit code, including the credentials, is publicly available.
US-CERT has also seen reports of increased scanning activity on
port 10000/tcp. This increase may be caused by attempts to locate
vulnerable systems.

US-CERT is tracking this vulnerability as VU#378957.

Please note that VERITAS has recently merged with Symantec.

II. Impact

A remote attacker with knowledge of the credentials and access to
the Remote Agent may be able to retrieve arbitrary files from a
vulnerable system.

III. Solution

Restrict access

US-CERT recommends taking the following actions to reduce the chances
of exploitation:

* Use firewalls to limit connectivity so that only authorized backup
  server(s) can connect to the Remote Agent. The default port for
  this service is port 10000/tcp.
* At a minimum, implement some basic protection at the network
  perimeter. When developing rules for network traffic filters,
  realize that individual installations may operate on
  non-standard ports.
* In addition, changing the Remote Agent's default port from
  10000/tcp may reduce the chances of exploitation. Please refer
  to VERITAS support document 255174 for instructions on how to
  change the default port.

For more information, please see US-CERT Vulnerability Note VU#378957.

Appendix A. References
* US-CERT Vulnerability Note VU#378957 -
<http://www.kb.cert.org/vuls/id/378957>
* Veritas Backup Exec Remote Agent for Windows Servers Arbitrary
File Download Vulnerability -
<http://securityresponse.symantec.com/avcenter/security/Content/14551.html>
* VERITAS support document 255831 -
<http://seer.support.veritas.com/docs/255831.htm>
* VERITAS support document 258334 -
<http://seer.support.veritas.com/docs/258334.htm>
* VERITAS support document 255174 -
<http://seer.support.veritas.com/docs/255174.htm>
* What is NDMP? - <http://www.ndmp.org/info/faq.shtml#1>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-224A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@...t.org> with "TA05-224A Feedback VU#378957" in the
subject.
____________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Aug 12, 2005: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----
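
Added example (not part of the forwarded alert, and not US-CERT or VERITAS code): one way to check the alert's "restrict access" advice against firewall logs, flagging non-backup hosts that reached the Remote Agent port and sources sweeping that port across several hosts. The log format, addresses and threshold are constructed assumptions; only port 10000/tcp comes from the alert.

```python
import ipaddress
from collections import defaultdict

# Constructed values: log format, addresses and threshold are assumptions.
AGENT_PORTS = {10000}   # add any non-standard port the Remote Agent was moved to
BACKUP_SERVERS = [ipaddress.ip_network("10.0.5.10/32")]   # authorized backup server(s)
SCAN_THRESHOLD = 3      # distinct agent hosts probed by one unauthorized source

SAMPLE_LOG = """\
2005-08-12T18:20:01 ACCEPT tcp 10.0.5.10:41022 -> 10.0.8.21:10000
2005-08-12T18:20:07 ACCEPT tcp 192.0.2.77:3391 -> 10.0.8.21:10000
2005-08-12T18:21:10 DROP tcp 198.51.100.9:50001 -> 10.0.8.21:10000
2005-08-12T18:21:10 DROP tcp 198.51.100.9:50002 -> 10.0.8.22:10000
2005-08-12T18:21:11 DROP tcp 198.51.100.9:50003 -> 10.0.8.23:10000
2005-08-12T18:22:30 ACCEPT tcp 10.0.7.4:2211 -> 10.0.8.21:445
truncated line
"""

def parse(line):
    """Return (action, src_ip, dst_ip, dst_port), or None if the line does not match."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "tcp" or parts[4] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[3].rsplit(":", 1)[0])
        dst_host, dst_port = parts[5].rsplit(":", 1)
        return parts[1], src, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def audit(log_text):
    """Return (connections the filter allowed from non-backup hosts, sweeping sources)."""
    unauthorized, targets = [], defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[3] not in AGENT_PORTS:
            continue
        action, src, dst, port = rec
        if any(src in net for net in BACKUP_SERVERS):
            continue                      # authorized backup server, expected traffic
        targets[src].add(dst)
        if action == "ACCEPT":            # filter let a non-backup host reach the agent
            unauthorized.append((str(src), str(dst), port))
    scanners = sorted(str(s) for s, d in targets.items() if len(d) >= SCAN_THRESHOLD)
    return unauthorized, scanners

if __name__ == "__main__":
    bad, scanners = audit(SAMPLE_LOG)
    print("reached agent from non-backup host:", bad)
    print("sweeping the agent port:", scanners)
```

Any entry in the first list means the filter rule is missing or too broad for that agent; the second list corresponds to the scanning activity the alert mentions.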