Skip to main content

IBM Internet Security Systems Discovers and Shields Customers from Veritas NetBackup Vulnerability


ARMONK, NY - 13 Dec 2006: IBM (NYSE: IBM) today announced that its Internet Security Systems X-Force® research and development team has discovered and preemptively protected customers from a vulnerability in Symantec’s Veritas NetBackup 5.0, 5.1 and 6.0. The vulnerability exists in the main NetBackup service and allows attackers to trigger the service to execute malicious commands.

“This vulnerability can be exploited remotely with no user interaction, allowing attackers to obtain control of affected machines up to administrative privileges,” said Peter Allor, director of intelligence for IBM Internet Security Systems. “Not all enterprises securely deploy Veritas NetBackup, so since it is widely used in enterprise environments, we are urging companies to take immediate action to resolve this issue.”

Veritas NetBackup is a data protection system used in UNIX, Windows, Linux and NetWare environments. It allows remote users to enable backup and recovery operations.

IBM Internet Security Systems customers have been protected from this vulnerability since July 2006. By incorporating the cutting-edge research of X-Force into its products and services, IBM is able to help protect customers from potentially dangerous security incidents before impact. Through the unique IBM Virtual Patch® technology, IBM Internet Security Systems helps shield business assets from attack until companies are able to obtain, test and apply patches from affected vendors.

Symantec’s security update and a patch for this issue can be found at: http://www.symantec.com/avcenter/security/Content/2006.12.13a.html

About IBM Internet Security Systems

IBM Internet Security Systems is the trusted security advisor to thousands of the world’s leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Contact(s) information

Angela Frechette
IBM Internet Security Systems
404-236-3197
afrechet@us.ibm.com

Sharon Dratch
Davies Murphy Group
781-418-2425
iss@daviesmurphy.com

Related XML feeds
Topics XML feeds
Services and solutions
Software
Information Management, Lotus, Tivoli, Rational, WebSphere, Open standards, open source

Internet Security Systems is a trademark and Proventia, X-Force and Virtual Patch are registered trademarks of International Business Machines Corporation in the United States, other countries, or both. All other companies and products mentioned are trademarks and property of their respective owners.