Re: Veritas BackupExec (remote DoS)

[Matthew Keller <kellermg () POTSDAM EDU>]

        Also confirmed with the BackupExec Mac and UNIX (Solaris at least)
agents. Corroborated Win9x and Linux.

> Hi,
>
> I can verify that this problem exists also on the Win9x agents, I couldnt figure out why the agents on our network 
> kept crashing every sunday, and eventually I
> figured out that this was about the time that I had weekly portscans scheduled.
>
> I spoke with Veritas tech support - but nothing was ever done about it.
>
> Jason Griffiths
>
>
>      ----- Original Message -----
>      From: Jonah Kowall
>      To: BUGTRAQ () SECURITYFOCUS COM
>      Sent: Monday, January 15, 2001 12:57 PM
>      Subject: Re: Veritas BackupExec (remote DoS)
>
>      Doesn't the agent only work on backup exec enterprise editions?  That's what I'm using it with.  If you tell 
> them you are using the enterprise edition, maybe you
>      can get a different response?  Tell them you are evaluating it if need be.
>
>      I have connected to it, and disconnected, and I didn't see it stop responding.  I have also opened 3 separate 
> connections, and found it took all three
>      simultaneously.
>
>      Backup Exec -- Unix Agent, Version 5.01 Revision 5.023
>      Copyright 1999 VERITAS Software Corporation.  All Rights Reserved.
>
>      This is the version of the Linux agent I am running on redhat 6.2.
>
>
>      -----Original Message-----
>      From: oh3mqu+bugtraq () TERAFLOPS COM [mailto:oh3mqu+bugtraq () TERAFLOPS COM]
>      Sent: Monday, January 15, 2001 8:25 AM
>      To: BUGTRAQ () SECURITYFOCUS COM
>      Subject: Veritas BackupExec (remote DoS)
>
>
>      Hello,
>
>      I am using Backup system from Veritas Software (http://www.veritas.com/)
>      and its Linux agent.  That agent is listening TCP-socket (8192 in my
>      system) and if someone makes connection to that socket, but do not send
>      anything to it, the agent hangs forever, even if you close that
>      connection.  For example portscanners make it to hang.
>
>      I think that the problem is that the software is not using select()
>      function calls before read() calls and it is not using threads either.
>
>      I reported that to the Veritas and they replied "Unfortunately our Backup
>      Exec Desktop Products do not support backing up Linux machines.  I'm
>      afraid we would be unable to assist you in this instance, however
>      thank you for your interest."
>
>      --
>      Ari Saastamoinen
>      oh3mqu+bugtraq () teraflops com

--

 Matthew Keller
 WebMaster, Interim Network Manager &
   Host Systems Analyst
 Computing & Technology Services
 Information Services Division
 State University of New York at Potsdam

 Website: http://mattwork.potsdam.edu/
 PGP: http://mattwork.potsdam.edu/crypto/