Security hole in Brightstor Arcserve Backup

CA Computer Associates has reported a security hole in DBASVR.exe that affects Brightstor Arcserve Backup as well as other products. Attackers could provoke buffer overflows and then execute arbitrary code on affected systems without having to authenticate themselves. The security hole was discovered by Pedram Amini from the TippingPoint Security Research Team.

CA reports the following products as being affected:

Computer Associates: BrightStor ARCserve Backup (BAB) r11.1 Client Agent for Windows
Computer Associates: BrightStor ARCserve Backup (BAB) r11.1 Windows
Computer Associates: BrightStor ARCserve Backup 9.01 Windows
Computer Associates: BrightStor ARCserve Backup v9.01 Client Agent for Windows
Computer Associates: BrightStor Enterprise Backup v10.5 for Windows
Computer Associates: CA BrightStor ARCserve Backup - Client Agent r11
Computer Associates: CA BrightStor ARCserve Backup - Client Agent r11.1
Computer Associates: CA BrightStor ARCserve Backup - Client Agent r11.5
Computer Associates: CA BrightStor ARCserve Backup - Client Agent r11.5 SP1
Computer Associates: CA BrightStor ARCserve Backup for Windows r11
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.1
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.5
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.5 SP1
Computer Associates: CA Protection Suites - Protection Suite Server r2 x86 32

The company is recommending that users upgrade from BrightStor ARCserve Backup to the most current version.

(ehe)