| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2007 16:20:00 -0500
From: "Williams, James K" <James.Williams@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: CA BrightStor ARCserve Backup Tape Engine Exploit
Security Notice
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
CA is aware that exploit code for a vulnerability in the Tape
Engine component of CA BrightStor ARCserve Backup was posted on
several security web sites and mailing lists on January 5, 2007.
This vulnerability is fixed in BrightStor ARCserve Backup r11.5
Service Pack 2, and a patch for earlier versions of ARCserve will
be available shortly.
CA recommends that customers employ best practices in securing
their networks and in this case use filtering to block
unauthorized access to port 6502 on hosts running the Tape Engine.
Tape Engine is part of BrightStor ARCserve Backup server install.
BrightStor ARCserve Backup client systems are not affected by this
vulnerability.
CA customers with questions or concerns should contact CA
Technical Support.
Reference (URL may wrap):
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-sec
notice.asp
Regards,
Ken
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRaQHAHklkd/ilBmFEQIrBgCeJH6v/J9ROx0nNWmDKRnhAUeaqagAn0Qi
KQw+NFhmm8wDXzN6WNdXt0iP
=rSaQ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists