Want CNET to notify you of price drops and the latest stories?

CA plugs serious hole in backup software

Security vulnerability in BrightStor backup products could put corporate networks at risk of cyberattack.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
A serious security flaw in Computer Associates backup products could put corporate systems at risk of cyberattack, security companies have warned.

The vulnerability lies in CA's BrightStor ARCserve Backup Agents and BrightStor Enterprise Backup Agents, according to an alert from the French Security Incident Response Team released Wednesday. The software handles backups of critical systems, FrSirt said.

CA issued software patches to fix the problem on Tuesday.

With the flaw, an intruder could gain full control over the system that runs the backup software by sending an especially crafted request to the agent, said FrSirt, which rates the issue "critical." Code that exploits the flaws is available on the Internet, the French research organization noted.

Data backup tools have become easy targets for attackers, the SANS Institute said in its most recent quarterly security update. Serious security vulnerabilities have been disclosed in products from CA and Veritas in recent months, SANS said

The BrightStor problem is in a remote buffer overflow error in the CA software, according to an advisory from iDefense, which is credited with the discovery of the flaw. Users should apply the fixes or, as a work-around, restrict access to the backup agents from remote networks, iDefense said.