Hot on the heels of the recent BackupExec vulns, the folks at NGS have been busy finding similar buffer overflow vulnerabilities in the StorageExec product. This Windows IT Pro article credits NGS, but NGS’ own web site doesn’t seem to have an alert. Anyway, Symantec has released hotfixes for StorageExec and StorageCentral.
Of course, the real question is whether Symantec is going to institute the same kind of deep-dive security effort that Microsoft did with their Secure Windows Initiative and Trustworthy Computing. Vendors who don’t do that (paging Mr. Ellison! paging Mr. Ellison to the white security phone!) are going to continue to get their pants pulled down by eager, skilled firms like NGS.