---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: CA BrightStor ARCserve Backup Vulnerabilities SECUNIA ADVISORY ID: SA24512 VERIFY ADVISORY: http://secunia.com/advisories/24512/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 11.x (for Microsoft SQL Server) http://secunia.com/product/8144/ BrightStor ARCserve Backup 11.x (for Windows) http://secunia.com/product/3099/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ DESCRIPTION: Some vulnerabilities have been reported in BrightStor ARCserve Backup, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. 1) An unspecified error within the handling of certain RPC request arguments within the Tape Engine service can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code. 2) An insecure RPC function can be invoked that can cause the Tape Engine service to shut down. The vulnerabilities are reported in the following products: * BrightStor ARCserve Backup r11.5 * BrightStor ARCserve Backup r11.1 * BrightStor ARCserve Backup r11 for Windows * BrightStor Enterprise Backup r10.5 * BrightStor ARCserve Backup v9.01 * CA Server Protection Suite r2 * CA Business Protection Suite r2 * CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 * CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 SOLUTION: Apply patches: BrightStor ARCserve Backup r11.5 - QO86255: http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86255 BrightStor ARCserve Backup r11.1 - QO86258: http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86258 BrightStor ARCserve Backup r11.0 - QI82917: http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917 BrightStor Enterprise Backup r10.5 - QO86259: http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86259 BrightStor ARCserve Backup v9.01 - QO86260: http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86260 PROVIDED AND/OR DISCOVERED BY: The vendor credits McAfee. ORIGINAL ADVISORY: CA: http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------