Dark Reading is part of the Informa Tech Division of Informa PLC


Risk

11/29/2006
03:20 AM

CA Faces Backup Flaw

Tape security flaw in CA's BrightStor ARCserve could open users to DOS attacks

Officials at the U.S. Computer Emergency Readiness Team (US-CERT) have identified a security vulnerability in CA's widely OEM'd BrightStor ARCserve Backup product, which they warn could leave users' systems open to attack.

Officials say that the flaw affects the software's Tape Engine feature, which allows ARCserve Backup products to use tape drives for storage. According to US-CERT, the Tape Engine contains a vulnerability caused by incorrect handling of Remote Procedure Call (RPC) requests, the mechanism that lets programs request services across a network.

US-CERT's Web site warns that the vulnerability could be exploited by sending a malformed RPC request to port 6502/tcp on a vulnerable system. In the worst-case scenario, officials add, a hacker could use this flaw to execute code on users' systems, which often results in a denial-of-service (DOS) attack. (See Symantec Tracks Cybercrime Rise, Check Point Protects Against BGP DOS, and Cisco Unveils DDOS Protection Solution.)

DOS attacks continue to wreak havoc amongst users. (See Symantec Tracks Cybercrime Rise, and Massive DOS Attacks Against ISPs on the Rise.) Earlier this year, for example, Sun's on-demand grid computing service got smacked with a DOS attack on its first day of service. (See Sun Grid Weathers DOS Attack and Sun Unveils Grid Portal.)

The vendor says that it is looking into the problem. "CA is aware of a vulnerability report describing a remotely exploitable buffer overflow in the Tape Engine component of CA BrightStor ARCserve Backup," explained spokesman Michael Kornspan in an email. The company continues to investigate; there is no word on when a patch might be issued. "Once we conclude our investigation and verify the reported vulnerability, we will provide remediation."

CA has several OEM partners for its ARCserve Backup product. The software, for example, is bundled with Iomega's REV SBS Data Protection offering, and has also been integrated with NEC's ExpressCluster solution. (See Iomega Creates Bundle and Iomega Ships With CA.)

Earlier this year, CA snapped up application availability specialist XOsoft for a reported $100 million in an attempt to boost its data protection story. (See CA Buys XOsoft.) The acquisition was partly driven by CA's desire to integrate XOsoft with ARCserve Backup for protecting and recovering critical applications. (See Storage Shopping Spree.)

At least one analyst is urging CA to tackle the reported backup flaw as a matter of urgency. "It's something that CA should be addressing and issuing a patch for right away," says Mike Karp, senior analyst at Enterprise Management Associates, adding that the vulnerability represents yet another tape technology challenge.

"To me, it's a symptom of the fundamental problem of transferring data to tape," he told Byte & Switch. "The trail of custody on tapes is always bad," added Karp, highlighting the high-profile storage snafus at Time Warner and Iron Mountain. (See Tape Security Trips Up Users, A Tale of Lost Tapes, and Iron Mountain Keeps Truckin'.)

Until the flaw is fixed, US-CERT is urging users to rely on their firewalls to limit exposure. "Restricting access to port 6502/tcp at the network perimeter may mitigate the impact of this vulnerability," warns the agency in a note on its Web site. Multiple versions of ARCserve Backup may be affected, according to US-CERT.
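One way to verify that the perimeter restriction US-CERT recommends is actually in place is to check firewall logs for connections to 6502/tcp that were allowed from outside the backup-management network. The following is an added example, not code from the article, CA or US-CERT; the allowlisted 10.10.0.0/16 range, the key=value log format and the sample log lines are all constructed assumptions.

```python
# Added example, not from the article or from CA/US-CERT: scan constructed
# firewall log lines for inbound connections to the ARCserve Tape Engine port
# (6502/tcp) that did not come from an allowlisted backup-management network,
# i.e. traffic the CERT-recommended perimeter restriction should have blocked.
import ipaddress
import re

TAPE_ENGINE_PORT = 6502  # 6502/tcp, as cited in the article

# Hypothetical internal range allowed to reach the backup server's Tape Engine.
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed sample lines in an assumed "key=value" firewall log format.
SAMPLE_LOG = """\
2006-11-29T03:20:01 action=ALLOW proto=tcp src=10.10.5.4 dst=10.20.1.9 dport=6502
2006-11-29T03:20:05 action=ALLOW proto=tcp src=198.51.100.7 dst=10.20.1.9 dport=6502
2006-11-29T03:20:09 action=ALLOW proto=tcp src=203.0.113.20 dst=10.20.1.9 dport=445
2006-11-29T03:20:12 action=DENY proto=tcp src=203.0.113.21 dst=10.20.1.9 dport=6502
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def is_allowed_source(src: str) -> bool:
    """True if src lies inside one of the allowlisted backup networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)


def find_exposed_tape_engine_access(log_text: str) -> list:
    """Return ALLOWed tcp connections to 6502 from non-allowlisted sources.

    A DENY line shows the perimeter rule working; an ALLOW from outside the
    backup network means the port is still reachable and needs review."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in an unexpected format
        f = m.groupdict()
        if (f["action"] == "ALLOW" and f["proto"] == "tcp"
                and int(f["dport"]) == TAPE_ENGINE_PORT
                and not is_allowed_source(f["src"])):
            findings.append({"ts": f["ts"], "src": f["src"], "dst": f["dst"]})
    return findings
```

Calling find_exposed_tape_engine_access(SAMPLE_LOG) flags only the second line, the allowed connection from 198.51.100.7; the denied line and the port-445 line are not reported.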

The SANS Institute has warned that hackers are increasingly targeting weaknesses in backup and recovery applications. According to analysts, vulnerabilities could be exploited to attack systems running backup servers and clients, which opens up the possibility of an attacker gaining access to sensitive backed-up data. (See Backup Poses Risk, SANS Warns.)

— James Rogers, Senior Editor, Byte and Switch

