CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
From: "Williams, James K" <James.Williams@xxxxxx>
Date: Tue, 9 Jan 2007 16:19:00 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: Acc0M8etnNZkXTx8QSe2mcY6rwvjLQ==
Thread-topic: CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

CA is aware that exploit code for a vulnerability in the Tape 
Engine component of CA BrightStor ARCserve Backup was posted on 
several security web sites and mailing lists on January 5, 2007. 
This vulnerability is fixed in BrightStor ARCserve Backup r11.5 
Service Pack 2, and a patch for earlier versions of ARCserve will 
be available shortly.

CA recommends that customers employ best practices in securing 
their networks and in this case use filtering to block 
unauthorized access to port 6502 on hosts running the Tape Engine. 
Tape Engine is part of BrightStor ARCserve Backup server install. 
BrightStor ARCserve Backup client systems are not affected by this 
vulnerability.

CA customers with questions or concerns should contact CA 
Technical Support.

Reference (URL may wrap): 
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp


Regards,
Ken
                                                           
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

Prev by Date: Easy Banner Pro Version 2.8 <= Remote File Inclusion
Next by Date: rPSA-2007-0004-1 bzip2
Previous by thread: Easy Banner Pro Version 2.8 <= Remote File Inclusion
Next by thread: rPSA-2007-0004-1 bzip2
Index(es):
- Date
- Thread