Re: Veritas Backup Exec Vulnerability

[Jordan Wiens <numatrix () UFL EDU>]

Sure; nmap will identify the servers running veritas, and metasploit
(http://www.metasploit.com/) can test the vulnerability.

(sample nmap output)
PORT     STATE SERVICE            VERSION
6101/tcp open  VeritasBackupExec?

~~WARNING~~
Of course, following with this thread, be extra careful with Novell
servers.

For the lazy:
(using nmap 3.75, the following works for me)

nmap -sV -O -p6101,6102 10.0.0.0/8 -oG -|grep \
'6101/open/tcp//VeritasBackupExec.*Windows'| awk '{print $2}'\
> windows-veritas-servers.txt

Then just use that as an input file to metasploit.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

On Thu, 13 Jan 2005, Samuel Petreski wrote:

> Does anyone know of a proactive way to scan for this vulnerability?
>
> Thanks.
>
> --Samuel
>
> Samuel Petreski
> Network Systems Analyst
> Computing and Network Services
> Kansas State University
> (785) 532-4943
> petreski () ksu edu
>
> -----Original Message-----
> From: The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eddie H. Hunter
> Sent: Thursday, January 13, 2005 12:55 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Veritas Backup Exec Vulnerability
>
> Dear All,
>
> We are experiencing some incidents with the Backup Exec exploit on Novell
> Netware Servers and were interested if others were seeing this as well.
> Please drop me a note if you are having the same experience.
>
> Thank You,
>
> Eddie H. Hunter
> UGA Office of Information Security
> UGA-CIRT
> ehunter () uga edu
> 706-542-7949
>
> "Maintaining the Constant Vigil of Integrity"
>
> This message and any attachment is intended only for the use of the
> addressee and may contain information that is PRIVILEGED. If you are not the
> intended recipient, you are hereby notified that any dissemination of this
> communication is strictly prohibited. If you have received this
> communication in error, please erase all copies of the message and its
> attachments and notify us immediately.  Thank You.
>
> Security Warning: Please note that this e-mail has been created in the
> knowledge that Internet e-mail is not a 100% secure communications medium.
> We advise that you understand and observe this lack of security when
> e-mailing us.
>
> Viruses: Although we have taken steps to ensure that this e-mail and
> attachments are free from any virus, we advise that in keeping with good
> computing practice the recipient should ensure they are actually virus
> free.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.