In association with heise online

22 November 2006, 10:17

CA's BrightStor ARCserve executes infiltrated code


A vulnerability in Computer Associates' BrightStor ARCserve Backup could be exploited by an attacker from the internet to inject malicious code into an affected computer and execute it with system privileges. The bug is in the Tape Engine, tapeeng.exe: a buffer overflow may occur when it processes remote procedure calls (RPC) on the default TCP port 6502.

According to the bug report from LSsecurity, BrightStor ARCserve Backup version 11.5 is affected. In a reply to the Full Disclosure mailing list, Ken Williams, director of CA's Vulnerability Research department, stated that developers are working on a solution. Until this is available, administrators can protect their systems by blocking external access via port 6502 or limiting this access to trusted computers using a firewall.
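
To confirm that the firewall workaround took effect, the following added example (not part of the original article or of CA's advisory) probes TCP port 6502 on your own backup servers from a host outside the trusted set and separates reachable, rejected and dropped connections. The server addresses are constructed placeholders and the function names are illustrative.

```python
import errno
import socket

TAPE_ENGINE_PORT = 6502  # default Tape Engine RPC port named in the article


def probe(host, port=TAPE_ENGINE_PORT, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"        # RST received: no listener, or a reject rule
    except (socket.timeout, TimeoutError):
        return "filtered"      # no answer at all: packets dropped on the way
    except OSError as exc:
        # ICMP unreachable replies usually come from a filtering device too.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise                  # DNS failures etc. are reported, not hidden


def audit(hosts, port=TAPE_ENGINE_PORT, timeout=3.0):
    """Probe each host; return (all results, hosts where the port is exposed).

    Run this from an UNTRUSTED vantage point: any 'open' result means the
    firewall restriction is missing or does not cover that server.
    """
    results = {host: probe(host, port, timeout) for host in hosts}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Constructed inventory of backup servers (documentation address range).
    servers = ["192.0.2.10", "192.0.2.11"]
    results, exposed = audit(servers, timeout=2.0)
    for host, state in sorted(results.items()):
        print(f"{host}:{TAPE_ENGINE_PORT} {state}")
    if exposed:
        print("Port 6502 still reachable on:", ", ".join(exposed))
```

Running the same audit from one of the trusted computers should still report `open`, which shows the rule restricts access rather than breaking the backup service.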
