16th Apr 2003 [SBWID-6148]
Veritas BackupExec 9.0 is vulnerable to Slammer worm
Veritas BackupExec 9.0
Marcus Beaman [marcus(dot)beaman(at)state(dot)or(dot)us] found that
Veritas BackupExec 9.0, which recently shipped out on CD to registered
owners, is vulnerable to the SQL Slammer worm.
For some reason, Veritas shipped the CDs with an old, unpatched version
of MS SQL Desktop Engine that is vulnerable. It took the worm less than
two hours to find the box I upgraded to BackupExec 9.0 on this morning
and have it spewing 20mb/sec onto the network (impressive for an old
dual PPro 200). If you know of anyone else running BackupExec on their
servers, you may want to warn them before they try to upgrade to the
new version. BackupExec 8.x is apparently not vulnerable unless it's
also running the Network Storage Executive.
Firewall the MS SQL port, or ask Veritas for a patch.
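As an added illustration, not part of the original bulletin, here is a small Python check a defender could run over firewall or flow log lines to spot the behaviour the report describes: one source blasting UDP datagrams at port 1434 (the SQL Server Resolution Service port Slammer targets, a detail taken from the public worm analyses rather than from this bulletin) towards many distinct destinations in a short window. The log format, the sample lines and the thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (not any real product's):
#   "<ISO time> <src> -> <dst> <proto>/<dport> <bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+) "
    r"(?P<proto>\w+)/(?P<dport>\d+) (?P<bytes>\d+)$"
)

# Constructed sample: 10.0.0.9 shows the Slammer-style spray, 10.0.0.5 is normal.
SAMPLE_LOG = """\
2003-04-16T08:00:00 10.0.0.5 -> 10.0.0.1 tcp/445 1200
2003-04-16T08:00:01 10.0.0.9 -> 198.51.100.17 udp/1434 404
2003-04-16T08:00:01 10.0.0.9 -> 203.0.113.44 udp/1434 404
2003-04-16T08:00:01 10.0.0.9 -> 192.0.2.8 udp/1434 404
2003-04-16T08:00:02 10.0.0.9 -> 198.51.100.200 udp/1434 404
2003-04-16T08:00:02 10.0.0.9 -> 203.0.113.9 udp/1434 404
2003-04-16T08:00:02 10.0.0.9 -> 192.0.2.77 udp/1434 404
2003-04-16T08:00:03 10.0.0.5 -> 10.0.0.9 udp/1434 120
2003-04-16T08:00:03 10.0.0.5 -> 10.0.0.12 udp/1434 120
"""

def parse(log):
    """Yield (timestamp, src, dst, proto, dport, bytes) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            yield (datetime.fromisoformat(d["ts"]), d["src"], d["dst"],
                   d["proto"].lower(), int(d["dport"]), int(d["bytes"]))

def find_slammer_like_sources(log, window_s=10, min_targets=5):
    """Return {src: distinct_destination_count} for sources that send UDP/1434
    to at least `min_targets` distinct hosts within any `window_s`-second window."""
    events = defaultdict(list)  # src -> list of (timestamp, dst)
    for ts, src, dst, proto, dport, _ in parse(log):
        if proto == "udp" and dport == 1434:
            events[src].append((ts, dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):  # slide a window from each packet
            targets = {dst for ts, dst in hits[i:]
                       if (ts - t0).total_seconds() <= window_s}
            if len(targets) >= min_targets:
                flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged
```

A single lookup of a legitimate SQL client to the resolution port does not trip the check; only the many-destinations burst characteristic of a worm host does.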