CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

CA is aware that exploit code for a vulnerability in the Tape

Engine component of CA BrightStor ARCserve Backup was posted on

several security web sites and mailing lists on January 5, 2007.

This vulnerability is fixed in BrightStor ARCserve Backup r11.5

Service Pack 2, and a patch for earlier versions of ARCserve will

be available shortly.

CA recommends that customers employ best practices in securing

their networks and in this case use filtering to block

unauthorized access to port 6502 on hosts running the Tape Engine.

Tape Engine is part of BrightStor ARCserve Backup server install.

BrightStor ARCserve Backup client systems are not affected by this

vulnerability.

CA customers with questions or concerns should contact CA

Technical Support.

Reference (URL may wrap):

http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secno
tice.asp

Regards,

Ken

Ken Williams ; 0xE2941985

Director, CA Vulnerability Research

[ reply ]