Veritas BackupExec 9.0 may ship with unpatched MS SQL Desktop Engine

From: Marcus Beaman (marcus.beamanat_private)
Date: Tue Apr 15 2003 - 13:41:32 PDT

    I don't know if this is worth posting, but I've not seen it run across bugtraq yet, and we at the state found out the hard way:
    
    -Marcus
    
    <snip>
    Veritas BackupExec 9.0 that recently shipped out on CD to registered owners (like us)
    is vulnerable to the SQL Slammer worm. 
    http://seer.support.veritas.com/docs/254244.htm
    For some reason, Veritas shipped the CDs with an old, unpatched version of MS
    SQL Desktop Engine that is vulnerable.  It took the worm less than two hours
    to find the box I upgraded to BackupExec 9.0 on this morning and have it
    spewing 20mb/sec onto the network (impressive for an old dual PPro 200).  
    If you know of anyone else running BackupExec on their servers, you may want
    to warn them before they try to upgrade to the new version.  BackupExec 8.x is
    apparently not vulnerable unless it's also running the Network Storage
    Executive.
    -Greg
    </snip>
    
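The symptom Greg describes, a freshly upgraded box found by Slammer within two hours and pushing 20 MB/s onto the network, shows up in flow or firewall logs as one host suddenly spraying small UDP datagrams to port 1434 (the MS SQL resolution service port Slammer targeted) across many destinations. The following is an added example, not code from the original post, from Veritas or from Microsoft: a small detector that walks flow records and flags any source that, within a single one-second bucket, sends a burst of UDP/1434 datagrams to many distinct addresses. The record format (`timestamp src dst proto dport bytes`), the thresholds and the sample flows are assumptions constructed for this example.

```python
"""
Added example: flag hosts spraying UDP/1434 (Slammer-style bursts) in flow logs.
Record format, thresholds and sample data are constructed for illustration.
"""
from collections import defaultdict

SQL_MONITOR_UDP_PORT = 1434  # MS SQL resolution service; the port Slammer spread over


def parse_flow(line):
    """Parse one 'ts src dst proto dport bytes' record (constructed format) into a dict."""
    ts, src, dst, proto, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto.upper(),
            "dport": int(dport), "bytes": int(nbytes)}


def find_udp1434_bursts(lines, flows_per_second=50, min_distinct_dsts=20):
    """Return {src: details} for sources that, in any one-second bucket, emitted at
    least `flows_per_second` UDP datagrams to port 1434 spread over at least
    `min_distinct_dsts` destinations.  A single lookup to one SQL server never
    trips both conditions; a scanning worm trips both at once.  Thresholds are
    assumptions for this example and should be tuned to the network."""
    buckets = defaultdict(lambda: {"count": 0, "dsts": set(), "bytes": 0})
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = parse_flow(line)
        if f["proto"] != "UDP" or f["dport"] != SQL_MONITOR_UDP_PORT:
            continue
        b = buckets[(f["src"], f["ts"])]  # ts is second-granular in this format
        b["count"] += 1
        b["dsts"].add(f["dst"])
        b["bytes"] += f["bytes"]

    findings = {}
    for (src, ts), b in buckets.items():
        if b["count"] >= flows_per_second and len(b["dsts"]) >= min_distinct_dsts:
            prev = findings.get(src)
            if prev is None or b["count"] > prev["count"]:
                findings[src] = {"second": ts, "count": b["count"],
                                 "distinct_dsts": len(b["dsts"]), "bytes": b["bytes"]}
    return findings


def build_sample_flows():
    """Constructed sample: a little normal traffic plus one host spraying UDP/1434."""
    lines = [
        "2003-04-15T09:12:00 10.1.1.5 10.1.1.20 TCP 445 1200",
        "2003-04-15T09:12:00 10.1.1.6 10.1.1.20 UDP 1434 60",   # one legitimate lookup
        "2003-04-15T09:12:01 10.1.1.5 10.1.1.21 TCP 139 800",
    ]
    for i in range(120):
        # worm-style spray: 120 small datagrams to 120 different hosts in one second
        lines.append(f"2003-04-15T09:12:01 10.1.1.7 203.0.113.{i} UDP 1434 376")
    return lines


if __name__ == "__main__":
    for src, info in find_udp1434_bursts(build_sample_flows()).items():
        print(f"{src}: {info['count']} UDP/1434 datagrams to {info['distinct_dsts']} hosts "
              f"({info['bytes']} bytes) at {info['second']}")
```

Requiring both a high per-second count and a high number of distinct destinations keeps a single server legitimately answering or issuing SQL Monitor lookups from being flagged; a host that only matches one of the two conditions is left alone.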



    This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 13:55:55 PDT