CA Technologies has found a nasty flaw in flagship backup software ARCServe. The flaw goes all the way back to version 10 of the product, which has just reached v.16. CA says the problem “can allow a remote attacker to cause a denial of service condition“ and “ … occurs due to insufficient validation of certain network requests …
How is that possible? Have they ever tried to use ca_auth?
Back when I ran an IT department I put in place that under no circumstances would *any* CA product be purchased. CA's record for screwing over customers is second only to Oracle and that drop is only down to them being less competent at it not less motivated.
Geez, that was in 2003. Fast work.
Another one is to actually use the product with its inbuilt database, its always good at corrupting itself and annoying the PFU (Although the BOFH doesn't mind to much getting additional Tea's).
Please note that we are now offering a fix for 12.0. The security notice has been updated.
A fix is available by request from CA Technologies Support. When creating the support ticket, please refer to patch T146564. Alternatively, an upgrade is available for customers. See CA ARCserve Backup r12 End of Service Announcement at this link for more information: http://bit.ly/GVnxGd
Technical Consultant, Alliances