Once again security holes are found in CA's backup products
CA appears to be caught in a monthly cycle of security updates for its backup products. On the heels of updates in October and November, CA has once again been forced to issue code fixes for critical security problems. This time it was the Discovery Service that contained a potential buffer overflow, capable of executing code with the rights of the Windows SYSTEM account. Both the base version and the various backup agents are affected. Because CA's Protection Suites also contain the backup solutions, they too are vulnerable. An upgrade to BrightStor ARCserve Backup r11.5 SP2 eliminates the bug.
- Security notice from CA
- CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability by Ken Williams, CA Vulnerability Research