Companies that use
Computer
Associates storage software are being warned to update their systems after
exploit code surfaced for a recently-patched vulnerability.
The
US
Computer Emergency Response Team (US-Cert) reported that
exploit
code has been posted for a vulnerability in the CA Brightstor ARCserve
Backup Media application. The exploit targets the 'mediasvr' component in the
software.
SecurityFocus
said that the
vulnerability
is known to exist in at least nine of CA's server security and backup
applications.
Users can mitigate the vulnerability by installing a vendor patch released in
January, according to SecurityFocus.
US-Cert does not list a solution for the vulnerability and advises
administrators to restrict the use of remote procedure call commands.
SecurityFocus said that a successful exploit could offer system-level access
to the target machine with the ability to remotely execute code. If the exploit
attempt fails, a denial of service crash could be triggered.
Do you agree?
Have your say on this article