Security Update for NetBackup PureDisk Remote Office
Symantec has drawn attention to a security hole in NetBackup PureDisk Remote Office, through which unauthorised users could possibly access the server upon which the management software is installed. NetBackup PureDisk Remote Office serves to perform non-resource-intensive backups of files at remote stations.
According to the advisory, the management server's authentication process can be tricked into allowing attackers LAN access to the system upon which it is running. The flaw affects Veritas NetBackup 6.0 PureDisk Remote Office Edition (Build GA and MP1) on all operating systems. Symantec did not provide further details on the hole, but is recommending installation of the update that has been prepared to resolve the problem as soon as possible. Maintenance Pack 1 must be installed for Build GA.
- Non-Privileged User Authentication Bypass Elevation of Privilege, Advisory from Symantec