Veritas Backup Software - Remote Control Exploit in-the-wild
The Veritas Backup utility suites offer advanced functionality and some of security controls associated with remote control functionality have been compromised. This includes a new in-the-wild exploit and administrators should review trusted Firewall port settings and move to the latest versions of the software as noted in the advisories below.
QUOTE: We received some reports about spikes on port 10000. The main reason for that is the release of the exploit for Veritas, and used by the Metasploit Framework. ... It seems this exploit is crashing the service listening on port 10000. If sysadmins know they have backup exec installed and they scan the system they will see port 6101 and 10000 normally. After the exploit it will show only the port 6101 still listening."
Veritas Security Bulletins
Veritas Backup Exec/NetBackup Request Packet Denial Of Service Vulnerability
Veritas Backup Exec Server Remote Registry Access Vulnerability
Veritas Backup Exec Remote Agent Null Pointer Dereference Denial Of Service Vulnerability
Veritas Backup Exec Remote Agent for Windows Servers Authentication Buffer Overflow Vulnerability
Veritas Backup Exec Admin Plus Pack Option Remote Heap Overflow Vulnerability
VERITAS Backup Exec Web Administration Console Remote Buffer Overflow Vulnerability
FrSirt - Veritas Backup Exec Agent "CONNECT_CLIENT_AUTH" Request Exploit