Critical flaws in ARCserve Backup
A number of vulnerabilities have been found in CA ARCserve Backup that would allow an attacker to take control of the system or at least affect its stability. The problem is caused by a a directory traversal vulnerability and, according to the security notice by CA, insufficient validation of a number of parameters. The report does not say whether these are classic buffer overflows, although this is likely, as buffer overflow problems have been a regular occurrence with ARCserve in recent months.
Affected products are CA ARCserve Backup r12.0, r11.5, r11.1 for Windows, Server Protection Suite r2, Business Protection Suite r2, CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2, and Business Protection Suite for Microsoft Small Business Server Premium Edition r2. ARCserve Backup r12.0 Windows SP1 is not affected. Computer Associates has categorized the problem as critical and released updates.
See also:
- Security Notice for CA ARCserve Backup, report from CA
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
