CA Technologies has found a nasty flaw in flagship backup software ARCServe.

The flaw goes all the way back to version 10 of the product, which has just reached v.16.

CA says the problem “can allow a remote attacker to cause a denial of service condition“ and “ … occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.”

Many versions of ARCserve can fix the bug with a patch, but CA's advisory says the solution for ARCserve Backup for Windows r12.0 is to “Update to CA ARCserve Backup for Windows r16 SP1.”

We're sure ARCserve users will appreciate the forced upgrade and happily set aside other work to make it happen. ®

Related stories

• Arcserve boxes clever, takes back-up appliance down a price division (20 May 2015)

  https://www.theregister.com/2015/05/20/arcserve_appliance_accelerates_backup_at_low_price/

• Arcserve on split-up with CA Technologies: 'We’re a startup now. We’re really hungry' (28 July 2014)

  https://www.theregister.com/2014/07/28/arcserve_future_plans/

• Software giant CA Technologies dumps arcserve biz (9 July 2014)

  https://www.theregister.com/2014/07/09/software_house_ca_technologies_sells_arcserve/

• Devs spanked for touching vulnerable open-source packages (27 March 2012)

  https://www.theregister.com/2012/03/27/open_source_sec_vulns_survey/

• CA handles La Perla's substantial assets (20 December 2011)

  https://www.theregister.com/2011/12/20/la_perla_ca/

• Will CA's stringent roadmap come back to haunt it? (30 April 2009)

  https://www.theregister.com/2009/04/30/ca_superstitious_roadmap/