[18636] in bugtraq


Re: Veritas BackupExec (remote DoS)

daemon@ATHENA.MIT.EDU (Jonah Kowall)
Tue Jan 16 12:48:18 2001

MIME-Version: 1.0
Content-Type: multipart/alternative;
              boundary="----_=_NextPart_001_01C07F35.CC3A9740"
Message-ID:  <D6E67FDE85B57145A813D522FFCFABCDE192@coco.cinteractive.com>
Date:         Mon, 15 Jan 2001 15:57:40 -0500
Reply-To: Jonah Kowall <jkowall@PSTEERING.COM>
From: Jonah Kowall <jkowall@PSTEERING.COM>
X-To:         "oh3mqu+bugtraq@TERAFLOPS.COM" <oh3mqu+bugtraq@TERAFLOPS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM


Doesn't the agent only work on backup exec enterprise editions?  That's what
I'm using it with.  If you tell them you are using the enterprise edition,
maybe you can get a different response?  Tell them you are evaluating it if
need be.

I have connected to it, and disconnected, and I didn't see it stop
responding.  I have also opened 3 separate connections, and found it took
all three simultaneously.

Backup Exec -- Unix Agent, Version 5.01 Revision 5.023
Copyright 1999 VERITAS Software Corporation.  All Rights Reserved.

This is the version of the Linux agent I am running on Red Hat 6.2.


-----Original Message-----
From: oh3mqu+bugtraq@TERAFLOPS.COM [mailto:oh3mqu+bugtraq@TERAFLOPS.COM]
Sent: Monday, January 15, 2001 8:25 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Veritas BackupExec (remote DoS)


Hello,

I am using the backup system from Veritas Software (http://www.veritas.com/)
and its Linux agent.  That agent is listening on a TCP socket (8192 on my
system), and if someone makes a connection to that socket but does not send
anything to it, the agent hangs forever, even if you close that
connection.  For example, port scanners make it hang.

I think that the problem is that the software is not using select()
function calls before read() calls and it is not using threads either.

I reported that to Veritas and they replied "Unfortunately our Backup
Exec Desktop Products do not support backing up Linux machines.  I'm
afraid we would be unable to assist you in this instance, however
thank you for your interest."

--
Ari Saastamoinen
oh3mqu+bugtraq@teraflops.com
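
The original report suspects a read() that is not guarded by select(). As an added example (not code from the Veritas agent or from either poster), this C sketch shows that guard letting a single-threaded service drop a silent connection and still serve the next one. The names `read_with_deadline`, `serve_sequentially` and `demo`, the 200 ms timeout and the "BACKUP" request are hypothetical, and socketpair() stands in for accepted TCP connections.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

#define READ_TIMEOUT (-2) /* peer connected but sent nothing in time */
/* select() with a deadline before read(). Returns bytes read, 0 on EOF,
 * READ_TIMEOUT for a silent peer, -1 on error. fd must be < FD_SETSIZE. */
ssize_t read_with_deadline(int fd, void *buf, size_t len, int timeout_ms)
{
    fd_set rfds;
    int rc;
    do { /* retry on EINTR; the timeout restarts on each retry */
        struct timeval tv = { .tv_sec = timeout_ms / 1000,
                              .tv_usec = (timeout_ms % 1000) * 1000 };
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0) return rc < 0 ? -1 : READ_TIMEOUT;
    return read(fd, buf, len);
}

/* One-at-a-time handling of accepted connections (no threads). Silent
 * peers are dropped after timeout_ms. Returns how many sent a request. */
int serve_sequentially(const int *conns, int n, int timeout_ms)
{
    char buf[128];
    int served = 0;
    for (int i = 0; i < n; i++) {
        served += read_with_deadline(conns[i], buf, sizeof buf, timeout_ms) > 0;
        close(conns[i]);
    }
    return served;
}

/* Constructed scenario: client A connects and stays silent, client B sends. */
int demo(void)
{
    int a[2], b[2], served;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) || socketpair(AF_UNIX, SOCK_STREAM, 0, b))
        return -1;
    if (write(b[1], "BACKUP", 6) != 6) return -1;
    served = serve_sequentially((int[]){ a[0], b[0] }, 2, 200);
    close(a[1]); close(b[1]);
    return served; /* B is still served after A times out */
}

int main(void) { printf("served=%d\n", demo()); return 0; }
```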
