Network Computing is part of the Informa Tech Division of Informa PLC


Exploits For CA Backup Bug Appear

Several exploits against the just-disclosed vulnerability in Computer Associates' enterprise backup software are in circulation, security companies said Thursday, raising the risk of attack on unpatched systems.

"If you haven't already patched your BrightStor ARCserve Backup software, now would be a really good time," said an analyst with the Internet Storm Center on the organization's handler's diary. "At least three different exploit codes and the code for a scanner have now been released."

In an update to its DeepSight Threat Management System alert on the CA ARCserve for Windows vulnerability, Symantec confirmed that exploits were in the wild.

"Two exploit programs have been released, by a security researcher known as 'cybertronic,' which simply send a port binding or connect back payload to a vulnerable system," said Symantec. "[And] the public availability of an exploit tool designed to scan for and exploit hosts increases the likelihood of widespread exploitation occurring.

"Network administrators are strongly urged to ensure TCP and UDP ports 6050 and 6070 are filtered at the network perimeter, and that patches are deployed as soon as possible," Symantec continued.
