10 October 2008, 13:08

Critical flaws in ARCserve Backup

A number of vulnerabilities have been found in CA ARCserve Backup that would allow an attacker to take control of the system or at least affect its stability. The problem is caused by a a directory traversal vulnerability and, according to the security notice by CA, insufficient validation of a number of parameters. The report does not say whether these are classic buffer overflows, although this is likely, as buffer overflow problems have been a regular occurrence with ARCserve in recent months.

Affected products are CA ARCserve Backup r12.0, r11.5, r11.1 for Windows, Server Protection Suite r2, Business Protection Suite r2, CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2, and Business Protection Suite for Microsoft Small Business Server Premium Edition r2. ARCserve Backup r12.0 Windows SP1 is not affected. Computer Associates has categorized the problem as critical and released updates.

Critical flaws in ARCserve Backup

heise online

heise Security

heise open source

heise networks

Services

Features

Fuzzy ways of finding flaws

Security experts reveal details of WPA hack

Features

Recommended Reading

Forums

Latest Posts