Updates for CA BrightStor ARCserve Backup
CA has once again fixed multiple vulnerabilities in BrightStor ARCserve Backup, which could have been used to crash or take control of a system. According to the security notice, all that was required was to send a prepared packet with specific arguments for an RPC procedure call to the Tape Engine or portmapper.
The following versions are affected: BrightStor ARCserve Backup r11.5, r11.1, r11 and v9.01, BrightStor Enterprise Backup r10.5, CA Server Protection Suite r2, CA Business Protection Suite r2, Business Protection Suite for Microsoft Small Business, Server Standard Edition r2 Business Protection Suite for Microsoft Small Business and Server Premium Edition r2. The vulnerabilities are only present in Windows systems. Updates are available to fix these vulnerabilities.
- Security Notice for BrightStor ARCserve Backup Tape Engine and Portmapper, security notice from CA