[18653] in bugtraq
Re: Veritas BackupExec (remote DoS)
daemon@ATHENA.MIT.EDU (Michael Owen)
Tue Jan 16 19:16:03 2001
Mime-Version: 1.0
Content-Type: text/plain
Message-Id: <154AACBA9F47D41193060001FAD443E02DE50B@pof06.pcw.com>
Date: Tue, 16 Jan 2001 08:45:25 -0800
Reply-To: Michael Owen <mowen@COSTCO.COM>
From: Michael Owen <mowen@COSTCO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> Hello,
>
> I am using Backup system from Veritas Software
> (http://www.veritas.com/)
> and its Linux agent. That agent is listening on a TCP socket (8192 on my
> system), and if someone makes a connection to that socket but
> does not send anything to it, the agent hangs forever, even if you close that
> connection. For example, port scanners make it hang.
I reported this to Bugtraq in the Summer of 98, and it still hasn't been
fixed. For about 8 months after that, a Seagate (the previous owner of
BackupExec) rep would email me every 2 weeks stating that it would be fixed
in a future version. It looks like it still hasn't been fixed. This will
work on any of the desktop agents (I've tested AIX, Solaris and win95).
Mike
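
An added example, not part of either post and not Veritas code: a sketch of how a single-threaded agent loop can bound the time any one connection may hold it, assuming the hang described above comes from an unbounded blocking read (the thread does not confirm the cause). The newline framing, the function names `read_request` and `serve_in_turn`, and the deadline value are hypothetical.

```python
import socket
import time

IDLE_DEADLINE = 0.5   # seconds a peer gets to deliver a full request (constructed value)


def read_request(conn, deadline=IDLE_DEADLINE, max_bytes=4096):
    """Read one newline-terminated request (hypothetical framing).

    Returns the request bytes, or None if the peer stays silent, stalls
    part-way, closes early, or exceeds max_bytes.
    """
    end = time.monotonic() + deadline
    buf = b""
    while b"\n" not in buf:
        remaining = end - time.monotonic()
        if remaining <= 0 or len(buf) >= max_bytes:
            return None
        conn.settimeout(remaining)        # overall budget, not a per-recv timeout
        try:
            chunk = conn.recv(max_bytes - len(buf))
        except OSError:                   # includes socket.timeout and resets
            return None
        if not chunk:
            return None                   # peer closed before a full request
        buf += chunk
    return buf.split(b"\n", 1)[0]


def serve_in_turn(conns, deadline=IDLE_DEADLINE):
    """Single-threaded agent loop: one client at a time, none may block it."""
    results = []
    for conn in conns:
        with conn:                        # always release the socket
            results.append(read_request(conn, deadline))
    return results


def demo():
    """Constructed clients: one silent, one that stalls mid-request, one well-behaved."""
    pairs = [socket.socketpair() for _ in range(3)]
    clients = [c for _, c in pairs]
    clients[1].sendall(b"BACK")           # never finishes the line
    clients[2].sendall(b"BACKUP start\n")
    start = time.monotonic()
    results = serve_in_turn([s for s, _ in pairs], deadline=0.2)
    for c in clients:
        c.close()
    return results, time.monotonic() - start


if __name__ == "__main__":
    print(demo())
```

The deadline covers the whole request rather than each `recv()` call, so a peer that sends a few bytes and then stalls is dropped on the same schedule as one that sends nothing.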