CA has released patches for its flagship BrightStor ARCserve Backup solution that addresses multiple remotely exploitable critical vulnerabilities. A remote attacker can cause a denial-of-service attack, execute arbitrary code, or take privileged action.
According to CA, the vulnerabilities affect versions r11.5, r11.1, r11 for Windows, and v9.01; however, BrightStor Enterprise Backup r10.5, CA Server Protection Suite r2, and CA Business Protection Suite r2 are also affected. More information regarding these vulnerabilities and available patches can be found in the CA BrightStor ARCserve Backup Security Notice.
Alternate method to determine if you are affected, according to the official advisory:
To determine if you are affected, locate the file "mediasvr.exe" (Default location is "C:\Program Files\CA\BrightStor ARCserve Backup") and check file General attributes by clicking on the right mouse button and selecting Properties.
Any file timestamp earlier than indicated in the following table indicates a vulnerable installation.
Product Version File Name Timestamp File Size 11.5 mediasvr.exe 06/28/2007 15:16:20 110592 bytes 11.1 mediasvr.exe 07/02/2007 10:39:50 106496 bytes 9.01 mediasvr.exe 07/02/2007 13:57:50 98304 bytes
You can obtain more information about the issues and their patches below:
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.