November 29, 2006 8:25 AM PST

Symantec issues patch for flaw in backup software

Security specialist Symantec issued a critical update on Tuesday for its Veritas NetBackup 6.0 PureDisk Remote Office Edition, whose vulnerabilities could allow attackers to gain remote control over a user's system.

Symantec issued the security update to address buffer overflow vulnerabilities found in the HTML-embedded scripting language PHP, which is used in its PureDisk software, according to Symantec's security advisory.

Symantec encountered similar buffer overflow vulnerabilities with its NetBackup software earlier this year. The concerns surrounding that problem were compounded when a security organization publicly released computer code that could exploit the flaws.

In this latest case with PureDisk, however, Symantec says it is not aware of any publicly available exploit code.

See more CNET content tagged:
VERITAS NetBackup, Symantec Corp., backup software, flaw, buffer-overflow

5 comments

Join the conversation!
Add your comment
Not Symantec's only problem
As an IT professional, I'm tired of cleaning PC's that are "protected" by Norton branded products.

Viruses and serious spyware seem to operate with ostensible immunity under the nose of the products that users imagine is protecting them. I fouind one piece of spyware that was actually able to disable Norton completely.

Symantec has more than a backup flaw to deal with.
Posted by law_hog (43 comments )
Reply Link Flag
So-called "professional" IT's real problem
As an IT too, what I'm tired of is of listening to complaints of so-called professional IT's (ha, that makes me laugh) that, just because they don't know how to work with Norton products, they bash on them. I run Norton AntiVirus 2006 on my home/working laptop along with miscellaneous proper anti-spyware protection programs and everything I can find sometimes is a couple of tracking cookies with Ad-Aware Professional. Besides, Norton has saved me quite some times of some nasty Trojans and viruses.
You, for one, have more than basic IT learning to call yourself a professional.
Posted by Ryo Hazuki (378 comments )
Link Flag
At least they're starting to learn
They've successfully weaned themselves from Microsoft as they're not waiting for Patch Tuesday to patch. (* GRIN *)

Walt
Posted by wbenton (522 comments )
Reply Link Flag
Veritas customers abandoning Symantec
Many Veritas customers, like myself, are fed up with Symantec. Previous support from Veritas was decent. Now under Symantec, it is totally impossible to get support. A sna-fu in the licensing process in BackupExec 11d has caused a flood of calls into their support lines.

I tried twice to call their 800 number and was disconnected both times after a 40 minute wait. The line is now unreachable and you get a busy tone. An open ticket on their customercare support site has been unanswered/unassigned for over 2 weeks.

Their support forums are filled to dissatisfied customers like this one <a class="jive-link-external" href="http://forums.symantec.com/discussions/thread.jspa?threadID=69331&#38;tstart=0" target="_newWindow">http://forums.symantec.com/discussions/thread.jspa?threadID=69331&#38;tstart=0</a>

I am also abandoning Symantec and going to EMC/Dantz/Retrospect. I called them and got a solution within a minute.
Posted by SamMapson (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.