CA reveals ARCserve DDOS threat
Forced upgrades on the way for some users?
Agentless Backup is Not a Myth
CA Technologies has found a nasty flaw in flagship backup software ARCServe.
The flaw goes all the way back to version 10 of the product, which has just reached v.16.
CA says the problem “can allow a remote attacker to cause a denial of service condition“ and “ … occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.”
Many versions of ARCserve can fix the bug with a patch, but CA's advisory says the solution for ARCserve Backup for Windows r12.0 is to “Update to CA ARCserve Backup for Windows r16 SP1.”
We're sure ARCserve users will appreciate the forced upgrade and happily set aside other work to make it happen. ®
COMMENTS
Serves them right
Back when I ran an IT department I put in place that under no circumstances would *any* CA product be purchased. CA's record for screwing over customers is second only to Oracle and that drop is only down to them being less competent at it not less motivated.
Fix to also be offered for ARCserve Backup r12
Please note that we are now offering a fix for 12.0. The security notice has been updated.
A fix is available by request from CA Technologies Support. When creating the support ticket, please refer to patch T146564. Alternatively, an upgrade is available for customers. See CA ARCserve Backup r12 End of Service Announcement at this link for more information: http://bit.ly/GVnxGd
Arun Tejaswi
Technical Consultant, Alliances
CA Technologies
DDos to make it alower
Another one is to actually use the product with its inbuilt database, its always good at corrupting itself and annoying the PFU (Although the BOFH doesn't mind to much getting additional Tea's).
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
