Network Computing is part of the Informa Tech Division of Informa PLC


IBM Security Team Patches CA Security Flaws

IBM said today that its Internet Security Systems (ISS) team uncovered and issued patches to fix two critical vulnerabilities in CA's small-business backup and recovery system.



"These kinds of vulnerabilities can be a very big deal. If someone were able to exploit this, they basically have the ability to do remote code execution on a backup server; they are basically in control of the server.
"With these kinds of breaches, it is more critical to detect a vulnerability on the server side -- because that's where all the data resides. But servers tend to be more protected overall. In the past, the bigger problems have occurred on the client-side, because the vulnerability footprint is much larger."
Jordan Wiens
NWC Contributing Technology Editor, Security

The vulnerabilities allow remote users to gain administrative privileges on CA's BrightStor ARCserve platform. Because the backup system is typically used to protect and recover mission-critical data, IBM recommends that customers deploy the patches immediately.

A CA spokesman said his company provided patches for these vulnerabilities Thursday morning, hours before IBM's release. CA has not received any reports from customers affected by these vulnerabilities, he added.

Additional information on the security advisories for these vulnerabilities can be found at www.iss.net/threats/252.html and www.iss.net/threats/253.html.
