Veritas Patches Zero-Day Bug

surfaced Friday.

According to Symantec, a logic bug in the backup software could be exploited to bypass authentication, and let an attacker download any file on the system from a remote machine. On Friday, the only remedy available was to filter several TCP ports associated with the backup software.

Sunday, Veritas posted patches for the Windows and NetWare versions of the enterprise program, as well as NetBackup for NetWare Media Server.

Versions 8.6, 9.0, 9.1, and 10.0 of Backup Exec for Windows Servers should be patched, said Veritas, and versions 9.0 and 9.1 of the NetWare edition.

If the patches can't be immediately deployed, Veritas recommended that TCP port 10000 be blocked at the network perimeter.