ARMONK, NY - 13 Dec 2006: IBM (NYSE: IBM) today announced that its Internet Security Systems X-Force® research and development team has discovered and preemptively protected customers from a vulnerability in Symantec’s Veritas NetBackup 5.0, 5.1 and 6.0. The vulnerability exists in the main NetBackup service and allows attackers to trigger the service to execute malicious commands.
“This vulnerability can be exploited remotely with no user interaction, allowing attackers to obtain control of affected machines up to administrative privileges,” said Peter Allor, director of intelligence for IBM Internet Security Systems. “Not all enterprises securely deploy Veritas NetBackup, so since it is widely used in enterprise environments, we are urging companies to take immediate action to resolve this issue.”
Veritas NetBackup is a data protection system used in UNIX, Windows, Linux and NetWare environments. It allows remote users to enable backup and recovery operations.
IBM Internet Security Systems customers have been protected from this vulnerability since July 2006. By incorporating the cutting-edge research of X-Force into its products and services, IBM is able to help protect customers from potentially dangerous security incidents before impact. Through the unique IBM Virtual Patch® technology, IBM Internet Security Systems helps shield business assets from attack until companies are able to obtain, test and apply patches from affected vendors.
Symantec’s security update and a patch for this issue can be found at: http://www.symantec.com/avcenter/security/Content/2006.12.13a.html
About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world’s leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
|Services and solutions
Information Management, Lotus, Tivoli, Rational, WebSphere, Open standards, open source
Internet Security Systems is a trademark and Proventia, X-Force and Virtual Patch are registered trademarks of International Business Machines Corporation in the United States, other countries, or both. All other companies and products mentioned are trademarks and property of their respective owners.