
Backup products head latest list of vulnerabilities

By SearchSecurity.com staff
25 Jul 2005 | SearchSecurity.com


Six Microsoft flaws and assorted vulnerabilities in Veritas backup software and in Computer Associates and Zone Alarm products topped the SANS Institute's quarterly list of the most critical flaws to patch.

"Individuals and organizations that do not correct these problems face a heightened threat that remote, unauthorized hackers will take control of their computers and use them for identity theft, for industrial espionage or for distributing spam or pornography," SANS warned in a statement.

"Particularly worrisome this quarter are the extensive vulnerabilities found in the most popular data backup products. Backup products are designed to prevent catastrophes by recording copies of important data and allowing those copies to be stored in a safe place. Unfortunately, those products have become easy targets for attackers and since they have access to substantially all data, their weaknesses create real danger."

Drawn from 422 new vulnerabilities reported during the second quarter of 2005, the flaws must meet five requirements according to SANS: (1) they affect a large number of users; (2) they have not been patched on a substantial number of systems; (3) they allow computers to be taken over by a remote, unauthorized user; (4) sufficient details are available to enable attackers to exploit them; and (5) they were discovered or first patched during the second three months of 2005. Topping the list are:

  • Microsoft Internet Explorer Multiple Vulnerabilities [MS05-020 and MS05-025];
  • Microsoft Exchange Server Extended Verb Overflow [MS05-021];
  • Windows Message Queuing Service Overflow [MS05-017];
  • Windows SMB Protocol Processing Overflow [MS05-027];
  • Windows HTML Help File Parsing Overflow [MS05-026];
  • Windows Shell Remote Code Execution [MS05-016];
  • Computer Associates BrightStor ARCServe Backup Overflow;
  • Veritas Backup Software Multiple Vulnerabilities;
  • Computer Associates and Zone Alarm Vet Library Overflow;
  • Oracle Cumulative Update April 2005;
  • RealNetworks RealPlayer Multiple Vulnerabilities;
  • Apple iTunes MPEG4 File Processing Overflow;
  • Mozilla and Firefox Browsers Multiple Vulnerabilities; and
  • Apple Cumulative Security Update 2005-005 and 2005-006.

"These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices," Alan Paller, SANS' director of research, said in a statement. "We're publishing this list as a red flag for individuals as well as IT departments. Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected."

SANS reports that the 422 new vulnerabilities discovered or reported this quarter represent an increase of 10.8% from the first quarter of 2005 [381] and an increase of nearly 20% from the second quarter of 2004 [352].

This article originally appeared on SearchSecurity.com.
