Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/29/2006
03:20 AM
50%
50%

CA Faces Backup Flaw

Tape security flaw in CA's BrightStor ARCserve could open users to DOS attacks

Officials at the U.S. Computer Emergency Readiness Team (US-CERT) have identified a security vulnerability in CA's widely OEM'd BrightStor ARCserve Backup product, which they warn could leave users' systems open to attack.

Officials say that the flaw affects the software's Tape Engine feature, which allows ARCserve Backup products to use tape drives for storage. According to US-Cert, the tape engine contains a vulnerability that is caused by incorrect handling of Remote Procedure Call (RPC) requests, which allow programs to request services across a network.

CERT's Website warns that the vulnerability could be exploited by sending a malformed RPC request to port 6502/tcp on a vulnerable system. In the worst case scenario, officials add, a hacker could use this flaw to execute code on users' systems, which often results in a denial-of-service (DOS) attack. (See Symantec Tracks Cybercrime Rise, Check Point Protects Against BGP DOS , and Cisco Unveils DDOS Protection Solution.)

DOS attacks continue to wreak havoc amongst users. (See Symantec Tracks Cybercrime Rise, and Massive DOS Attacks Against ISPs on the Rise.) Earlier this year, for example, Sun's on-demand grid computing service got smacked with a DOS attack on its first day of service. (See Sun Grid Weathers DOS Attack and Sun Unveils Grid Portal.)

The vendor says that it is looking into the problem. "CA is aware of a vulnerability report describing a remotely exploitable buffer overflow in the Tape Engine component of CA BrightStor ARCserve Backup," explained spokesman Michael Kornspan in an email. The company continues to investigate; there is no word on when a patch might be issued. "Once we conclude our investigation and verify the reported vulnerability, we will provide remediation."

CA has several OEM partners for its ARCserve Backup product. The software, for example, is bundled with Iomega's REV SBS Data Protection offering, and has also been integrated with NEC's ExpressCluster solution. (See Iomega Creates Bundle and Iomega Ships With CA .)

Earlier this year, CA snapped up application availability specialist XOsoft for a reported $100 million in an attempt to boost its data protection story. (See CA Buys XOsoft.) The acquisition was partly driven by CA's desire to integrate XOsoft with ARCserve Backup for protecting and recovering critical applications (See Storage Shopping Spree.)

At least one analyst is urging CA to tackle the reported backup flaw as a matter of urgency. "It's something that CA should be addressing and issuing a patch for right away," says Mike Karp, senior analyst at Enterprise Management Associates, adding that the vulnerability represents yet another tape technology challenge.

"To me, it's a symptom of the fundamental problem of transferring data to tape," he told Byte & Switch. "The trail of custody on tapes is always bad," added Karp, highlighting the high-profile storage snafus at Time Warner and Iron Mountain. (See Tape Security Trips Up Users, A Tale of Lost Tapes, and Iron Mountain Keeps Truckin'.)

Until the flaw is fixed, CERT is urging users to focus attention on their firewalls in an attempt to tackle the ARCserve flaw. "Restricting access to port 6502/tcp at the network perimeter may mitigate the impact of this vulnerability," warns the agency in a note on its Web site. The scope of the vulnerability may also extend across different versions of ARCserve Backup, according to CERT.

The SANS Institute has warned that hackers are increasingly targeting weaknesses in backup and recovery applications. According to analysts, vulnerabilities could be exploited to attack systems running backup servers and clients, which opens up the possibility of an attacker gaining access to sensitive backed-up data. (See Backup Poses Risk, SANS Warns.)

— James Rogers, Senior Editor, Byte and Switch

  • CA Inc. (NYSE: CA)
  • CA XOsoft
  • Computer Emergency Response Team (CERT)
  • Enterprise Management Associates
  • Iomega Corp. (NYSE: IOM)
  • Iron Mountain Inc. (NYSE: IRM)
  • NEC Corp. (Nasdaq: NIPNY; Tokyo: 6701)
  • The SANS Institute
  • Time Warner Inc. (NYSE: TWX)

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/21/2020
    Cybersecurity Bounces Back, but Talent Still Absent
    Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
    Meet the Computer Scientist Who Helped Push for Paper Ballots
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Latest Comment: Exactly
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-25487
    PUBLISHED: 2020-09-22
    PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
    CVE-2020-11856
    PUBLISHED: 2020-09-22
    Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.
    CVE-2020-16202
    PUBLISHED: 2020-09-22
    WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
    CVE-2020-24333
    PUBLISHED: 2020-09-22
    A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only� or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing ...
    CVE-2020-4619
    PUBLISHED: 2020-09-22
    IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.