CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
CA is aware that exploit code for a vulnerability in the Tape
Engine component of CA BrightStor ARCserve Backup was posted on
several security web sites and mailing lists on January 5, 2007.
This vulnerability is fixed in BrightStor ARCserve Backup r11.5
Service Pack 2, and a patch for earlier versions of ARCserve will
be available shortly.
CA recommends that customers employ best practices in securing
their networks and in this case use filtering to block
unauthorized access to port 6502 on hosts running the Tape Engine.
Tape Engine is part of BrightStor ARCserve Backup server install.
BrightStor ARCserve Backup client systems are not affected by this
vulnerability.
CA customers with questions or concerns should contact CA
Technical Support.
Reference (URL may wrap):
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp
Regards,
Ken
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research