Re: [Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

---

• From: "Williams, James K" <James.Williams@xxxxxx>
• Date: Thu, 11 Jan 2007 11:51:23 -0500

---

[Full-disclosure] CA BrightStor ARCserve Backup Tape Engine
Exploit Security Notice
TheGesus thegesus at gmail.com
Wed Jan 10 16:38:47 GMT 2007

On 1/9/07, Williams, James K <James.Williams at ca.com> wrote:

[...]
CA BrightStor ARCserve Backup Tape Engine Exploit Security
Notice

CA is aware that exploit code for a vulnerability in the Tape
Engine component of CA BrightStor ARCserve Backup was posted on
several security web sites and mailing lists on January 5,
2007. This vulnerability is fixed in BrightStor ARCserve Backup
r11.5 Service Pack 2, and a patch for earlier versions of
ARCserve will be available shortly.
[...]
Reference (URL may wrap):
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
[...]

TRANSLATION: don't hold your breath waiting for a patch.

Agreed. Two days is quite a bit longer than the current
competitive static apnea world record of 9 min 04 sec.

Patches for all other releases of BrightStor ARCserve Backup are
now available via SupportConnect.
http://SupportConnect.ca.com

BAB r11.5 – QO84983
BAB r11.1 – QO84984
BAB r11.0 – QI82917
BEB r10.5 – QO84986
BAB v9.01 – QO84985

A formal advisory will be sent out later today.

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

---

• Prev by Date: Re: [Full-disclosure] new class of printf issue: int overflow
• Next by Date: [Full-disclosure] Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability
• Previous by thread: Re: [Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
• Next by thread: [Full-disclosure] IisShield 2.2 released
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice ... CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice ... CA is aware that exploit code for a vulnerability in the Tape ... (Full-Disclosure) [Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice ... CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice ... CA is aware that exploit code for a vulnerability in the Tape ... (Full-Disclosure) CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice ... CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice ... CA is aware that exploit code for a vulnerability in the Tape ... (Bugtraq) [Full-disclosure] [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine a ... Backup Tape Engine and Portmapper Vulnerabilities ... CA Advisory Date: 2007-03-15 ... CA BrightStor ARCserve Backup contains four ... The second vulnerability, CVE-2007-0816, is related to ... (Full-Disclosure) [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerab ... Backup Tape Engine and Portmapper Vulnerabilities ... CA Advisory Date: 2007-03-15 ... CA BrightStor ARCserve Backup contains four ... The second vulnerability, CVE-2007-0816, is related to ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Full-Disclosure  > 2007-01