[18624] in bugtraq
Veritas BackupExec (remote DoS)
daemon@ATHENA.MIT.EDU (oh3mqu+bugtraq@TERAFLOPS.COM)
Mon Jan 15 15:09:47 2001
Message-Id: <Pine.LNX.4.10.10101151522290.5546-100000@vernon.teraflops.com>
Date: Mon, 15 Jan 2001 15:24:59 +0200
Reply-To: oh3mqu+bugtraq@TERAFLOPS.COM
From: oh3mqu+bugtraq@TERAFLOPS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSI.4.05L.10101101335100.24087-100000@mail.eclipse.net>
Hello,

I am using the backup system from Veritas Software (http://www.veritas.com/)
and its Linux agent. That agent is listening on a TCP socket (8192 on my
system), and if someone makes a connection to that socket but does not send
anything to it, the agent hangs forever, even if you close that
connection. For example, port scanners make it hang.

I think that the problem is that the software is not using select()
function calls before read() calls, and it is not using threads either.

I reported that to Veritas and they replied "Unfortunately our Backup
Exec Desktop Products do not support backing up Linux machines. I'm
afraid we would be unable to assist you in this instance, however
thank you for your interest."

--
Ari Saastamoinen
oh3mqu+bugtraq@teraflops.com
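
The cause suggested in the message above (a blocking read() with no select() in front of it) and the usual fix, as an added example that is not part of the original post and not Veritas code. The names `read_with_timeout`, `READ_TIMEOUT` and `demo` are hypothetical, and the peers are a constructed socketpair rather than the real agent.

```c
/* Added example: bounded read so a silent client cannot stall a single-threaded daemon. */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

#define READ_TIMEOUT (-2)   /* hypothetical return code: peer stayed silent */

/* Wait up to timeout_ms for data with select(), then read(). fd must be < FD_SETSIZE.
 * Returns bytes read, 0 on peer close, -1 on error, READ_TIMEOUT on timeout. */
static ssize_t read_with_timeout(int fd, void *buf, size_t len, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    int rc;
    do {                                 /* retry with a fresh timeout on EINTR */
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0)  return -1;
    if (rc == 0) return READ_TIMEOUT;    /* caller closes fd and accepts the next client */
    return read(fd, buf, len);
}

/* Constructed scenario over a socketpair: silent peer, talking peer, closed peer. */
static int demo(int *silent, int *talking, int *closed)
{
    int sv[2];
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    *silent = (int)read_with_timeout(sv[0], buf, sizeof buf, 200);
    if (write(sv[1], "HELO", 4) != 4) return -1;
    *talking = (int)read_with_timeout(sv[0], buf, sizeof buf, 200);
    close(sv[1]);
    *closed = (int)read_with_timeout(sv[0], buf, sizeof buf, 200);
    close(sv[0]);
    return 0;
}

int main(void)
{
    int s, t, c;
    if (demo(&s, &t, &c) == 0) printf("silent=%d talking=%d closed=%d\n", s, t, c);
    return 0;
}
```

A daemon that treats `READ_TIMEOUT` like a closed connection drops the idle client and returns to accept(), which is the behaviour a port scan needs it to have.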