CA Technologies has found a nasty flaw in flagship backup software ARCServe. The flaw goes all the way back to version 10 of the product, which has just reached v.16. CA says the problem “can allow a remote attacker to cause a denial of service condition“ and “ … occurs due to insufficient validation of certain network requests …
How is that possible? Have they ever tried to use ca_auth?
Serves them right
Back when I ran an IT department I put in place that under no circumstances would *any* CA product be purchased. CA's record for screwing over customers is second only to Oracle and that drop is only down to them being less competent at it not less motivated.
Version TEN !!
Geez, that was in 2003. Fast work.
DDos to make it alower
Another one is to actually use the product with its inbuilt database, its always good at corrupting itself and annoying the PFU (Although the BOFH doesn't mind to much getting additional Tea's).
Fix to also be offered for ARCserve Backup r12
Please note that we are now offering a fix for 12.0. The security notice has been updated.
A fix is available by request from CA Technologies Support. When creating the support ticket, please refer to patch T146564. Alternatively, an upgrade is available for customers. See CA ARCserve Backup r12 End of Service Announcement at this link for more information: http://bit.ly/GVnxGd
Technical Consultant, Alliances
- Product round-up Too 4K-ing expensive? Five full HD laptops for work and play
- Review We have a winner! Fresh Linux Mint 17.1 – hands down the best
- Vid Antarctic ice THICKER than first feared – penguin-bot boffins
- 'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
- You stupid BRICK! PCs running Avast AV can't handle Windows fixes