back to article CA reveals ARCserve DDOS threat

CA Technologies has found a nasty flaw in flagship backup software ARCServe. The flaw goes all the way back to version 10 of the product, which has just reached v.16. CA says the problem “can allow a remote attacker to cause a denial of service condition“ and “ … occurs due to insufficient validation of certain network requests …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

a flaw

Oh dear!

0
0
Anonymous Coward

Insuficient validation?

How is that possible? Have they ever tried to use ca_auth?

Gahhh!

0
0

Serves them right

Back when I ran an IT department I put in place that under no circumstances would *any* CA product be purchased. CA's record for screwing over customers is second only to Oracle and that drop is only down to them being less competent at it not less motivated.

1
0
FAIL

Version TEN !!

Geez, that was in 2003. Fast work.

0
0
Bronze badge

DDos to make it alower

Another one is to actually use the product with its inbuilt database, its always good at corrupting itself and annoying the PFU (Although the BOFH doesn't mind to much getting additional Tea's).

0
0

Fix to also be offered for ARCserve Backup r12

Please note that we are now offering a fix for 12.0. The security notice has been updated.

A fix is available by request from CA Technologies Support. When creating the support ticket, please refer to patch T146564. Alternatively, an upgrade is available for customers. See CA ARCserve Backup r12 End of Service Announcement at this link for more information: http://bit.ly/GVnxGd

Arun Tejaswi

Technical Consultant, Alliances

CA Technologies

0
0
This topic is closed for new posts.

Forums