Symantec Backup Exec for Windows Server Unauthorized Access Vulnerability

Affected systems:

Symantec Backup Exec for Windows Servers 13
Symantec Backup Exec for Windows Servers 12.5
Symantec Backup Exec for Windows Servers 12.0
Symantec Backup Exec for Windows Servers 12 SP3
Symantec Backup Exec for Windows Servers 11d SP4
Symantec Backup Exec for Windows Servers 11d
Symantec Backup Exec 2010 R3

Unaffected systems:

Symantec Backup Exec for Windows Servers 2010 R3

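Description:
Symantec Backup Exec products provide reliable data backup and recovery designed to meet your business needs.

Symantec Backup Exec for Windows Server has an unauthorized access vulnerability in its implementation. A remote attacker can exploit it to bypass authentication and execute arbitrary NDMP commands with elevated privileges.

A MiTM issue exists in the way the communication protocol between the Backup Exec media server and the remote agent is implemented. The issue stems from the lack of identity validation between the media server and the remote agent, and it can be exploited to elevate privileges, allowing an attacker to execute post-authentication NDMP commands.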

<*Source: Nibin Varghese iViZ Security
  
  Link:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&
*>

Recommendation:

Vendor patch:

Symantec
——–
Symantec has released a security advisory (May 26, 2011) and corresponding patches for this issue:

May 26, 2011: Security Advisories Relating to Symantec Products – Symantec Backup Exec Man-in-The-Middle

Link: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&
