In association with heise online

15 January 2007, 10:19

Security update for BrightStor ARCserve Backup


Several security holes in CA's BrightStor ARCserve Backup can be exploited to break into a system and take control of it. The Tape Engine and the Message Engine RPC are the components mainly affected; they can be reached over the network on TCP ports 6502 and 6503. Five of the holes are buffer overflows that could be used to inject and execute code in a vulnerable system's memory over the network. Sending a specially prepared packet to the engines is sufficient.

The following software is affected:

BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

CA has provided updates that close the holes. In the past three months, the vendor has had to deal with a number of critical holes in ARCserve. CA seems to be settling into a monthly rhythm in the supply of security updates for its Backup products.
