Computer Associates has released a patch for its BrightStor ARCserve and Enterprise Backup systems after a bug that could allow hackers to take control of users’ systems was detected.
The software delivers backup and restore protection for all Windows server systems as well as Windows, Linux, Mac OS X and Unix client environments.
The buffer overflow vulnerability in the Brightstor software was originally identified by security firm iDefense in BrightStor ARCserve Backup Agent for Microsoft SQL Server version 11.0, but it was suspected that all versions might be vulnerable.
In an advisory notice, iDefense warned: “Successful exploitation allows remote attackers to execute arbitrary code with system level privileges.
This allows for complete system compromise including the installation or removal of software and access to any file on the system.”
A CA advisory notice later warned that the flaw had been found in several versions of the software. Patches have now been provided to remedy the problem.