Recently a lot of vulnerability was found in Backup product.
such as Arcserve and Netbackup.
- Arcserve
- http://isc.sans.org/diary.php?storyid=1876
- Backup Exec
- http://www.symantec.com/avcenter/security/Content/2006.12.13a.html
- http://seer.support.veritas.com/docs/285984.htm
I think only backup (file copy process) have to use system privileged role, and other
process unnecessary to hold system privileged.
Backup vender Should design with secure default!
No comments:
Post a Comment