Symantec finds bug in Veritas back-up software

System administrators with Veritas Back-up Exec software have been warned to guard against an unpatched vulnerability

Veritas has its new partner, Symantec, to thank for the latest embarrassing news of the vulnerability of its Back-Up software.

On Friday, Symantec released a warning that there was an unpatched vulnerability on Veritas Backup Exec for Windows and NetBackup for Netware, two of the most widely used pieces of storage software.

Over the weekend, Symantec released a series of updates to help deal with the problem.

The news of the flaw came only days after Symantec had released details of a patched problem in the same software. More details then emerged from the French security site FrSIRT which said the "vulnerability identified in Veritas Backup Exec and NetBackup, could be exploited by remote attackers to gain unauthorised access".

FrSIRT maintains the flaw was "due to a design error". According to some sources, exploits are already happening with various Internet security sites reporting increased activity and scans for port 10000.

There is no patch available but Symantec recommends that administrators filter out traffic targeting TCP ports 6101, 6106, and 10000.