16th Apr 2003 [SBWID-6148]
	Veritas BackupExec 9.0 is vulnerable to Slammer worm
	Veritas BackupExec 9.0
	Marcus    Beaman    [marcus(dot)beaman(at)state(dot)or(dot)us]     found
	Veritas BackupExec 9.0 that recently shipped out  on  CD  to  registered
	owners is vulnerable to the SQL Slammer worm.
	For some reason, Veritas shipped the CDs with an old, unpatched  version
	of MS SQL Desktop Engine that is vulnerable. It took the worm less  than
	two hours to find the box I upgraded to BackupExec 9.0 on  this  morning
	and have it spewing 20mb/sec onto the network  (impressive  for  an  old
	dual PPro 200). If you know of anyone else running BackupExec  on  their
	servers, you may want to warn them before they try  to  upgrade  to  the
	new version. BackupExec 8.x is apparently  not  vulnerable  unless  it's
	also running the Network Storage Executive.
	firewall the MSQL port, or ask veritas for a patch