According to IBM ISS advisories released today, the two bugs are similar and can be exploited through a stack-based buffer overflow. Exploitation could lead to the exposure of confidential information, loss of productivity and a compromised network.
Pete Allor, director of intelligence at IBM ISS, said organisations should take the vulnerabilities seriously because they affect products that manage mission-critical data.
"CA BrightStor ARCserve is widely deployed in corporate environments," he said. "Since it is normally used for the protection and recovery of mission-critical applications, and since these two vulnerabilities are not difficult to exploit, ISS recommends that companies using CA BrightStor ARCserve patch immediately."
A CA spokesman told SCMagazine.com today that the company has patched the flaws and that it was not aware of any customers being affected.