In association with heise online

10 October 2008, 12:08

Critical flaws in ARCserve Backup

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A number of vulnerabilities have been found in CA ARCserve Backup that would allow an attacker to take control of the system or at least affect its stability. The problem is caused by a a directory traversal vulnerability and, according to the security notice by CA, insufficient validation of a number of parameters. The report does not say whether these are classic buffer overflows, although this is likely, as buffer overflow problems have been a regular occurrence with ARCserve in recent months.

Affected products are CA ARCserve Backup r12.0, r11.5, r11.1 for Windows, Server Protection Suite r2, Business Protection Suite r2, CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2, and Business Protection Suite for Microsoft Small Business Server Premium Edition r2. ARCserve Backup r12.0 Windows SP1 is not affected. Computer Associates has categorized the problem as critical and released updates.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit