The vulnerability lies in CA's BrightStor ARCserve Backup Agents and BrightStor Enterprise Backup Agents, according to an alert from the French Security Incident Response Team released Wednesday. The software handles backups of critical systems, FrSirt said.
CA issued software patches to fix the problem on Tuesday.
With the flaw, an intruder could gain full control over the system that runs the backup software by sending a specially crafted request to the agent, said FrSirt, which rates the issue "critical." Code that exploits the flaws is available on the Internet, the French research organization noted.
Data backup tools have become easy targets for attackers, the SANS Institute said in its most recent. Serious security vulnerabilities have been disclosed in products from CA and in recent months, SANS said.
The BrightStor problem is a remote buffer overflow error in the CA software, according to an advisory from iDefense, which is credited with the discovery of the flaw. Users should apply the fixes or, as a work-around, restrict access to the backup agents from remote networks, iDefense said.