Re: [Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
[Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
TheGesus thegesus at gmail.com
Wed Jan 10 16:38:47 GMT 2007

On 1/9/07, Williams, James K James.Williams at ca.com wrote:

[...]

CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

CA is aware that exploit code for a vulnerability in the Tape Engine component of CA BrightStor ARCserve Backup was posted on several security web sites and mailing lists on January 5, 2007. This vulnerability is fixed in BrightStor ARCserve Backup r11.5 Service Pack 2, and a patch for earlier versions of ARCserve will be available shortly.

[...]

Reference (URL may wrap):
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

[...]

TRANSLATION: don't hold your breath waiting for a patch.

Agreed. Two days is quite a bit longer than the current competitive static apnea world record of 9 min 04 sec.

Patches for all other releases of BrightStor ARCserve Backup are now available via SupportConnect.
http://SupportConnect.ca.com

BAB r11.5 – QO84983
BAB r11.1 – QO84984
BAB r11.0 – QI82917
BEB r10.5 – QO84986
BAB v9.01 – QO84985

A formal advisory will be sent out later today.

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
On 1/9/07, Williams, James K [EMAIL PROTECTED] wrote:

CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

CA is aware that exploit code for a vulnerability in the Tape Engine component of CA BrightStor ARCserve Backup was posted on several security web sites and mailing lists on January 5, 2007. This vulnerability is fixed in BrightStor ARCserve Backup r11.5 Service Pack 2, and a patch for earlier versions of ARCserve will be available shortly.

CA recommends that customers employ best practices in securing their networks and in this case use filtering to block unauthorized access to port 6502 on hosts running the Tape Engine. Tape Engine is part of BrightStor ARCserve Backup server install. BrightStor ARCserve Backup client systems are not affected by this vulnerability.

CA customers with questions or concerns should contact CA Technical Support.

Reference (URL may wrap):
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

TRANSLATION: don't hold your breath waiting for a patch.
[Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

CA is aware that exploit code for a vulnerability in the Tape Engine component of CA BrightStor ARCserve Backup was posted on several security web sites and mailing lists on January 5, 2007. This vulnerability is fixed in BrightStor ARCserve Backup r11.5 Service Pack 2, and a patch for earlier versions of ARCserve will be available shortly.

CA recommends that customers employ best practices in securing their networks and in this case use filtering to block unauthorized access to port 6502 on hosts running the Tape Engine. Tape Engine is part of BrightStor ARCserve Backup server install. BrightStor ARCserve Backup client systems are not affected by this vulnerability.

CA customers with questions or concerns should contact CA Technical Support.

Reference (URL may wrap):
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research