Anti-virus firm Symantec warned today that exploit code is circulating for a known security hole in Computer Associates' BrightStor ARCServe Backup software, which provides data backup and restore for a variety of operating systems including Windows, Netware, Linux, Unix, and Mac.
Symantec issued an alert early Friday, after exploit code was posted to the Securityfocus Web site. The alert raised the urgency and severity of an earlier warning about the security holes in ARCServe Backup versions 9.01 through 11.5 SP1, as well as CA's Business Protection Suite software. The exploit code is designed to run on Windows XP and Windows 2000 systems.
The remote buffer overflow vulnerability in BrightStor was initially disclosed on January 12, when CA released a patch to fix the hole.
According to CA, the flaw results from insufficient bounds checking on user-supplied data. Attackers could trigger the overflow using specially crafted RPC (Remote Procedure Call) requests sent to TCP ports 6503 or 6504. Triggering a buffer overflow would allow attackers to run malicious code on the vulnerable system with administrative privileges, allowing them to take control of the vulnerable machine.
Backup software is a particularly attractive target for malicious hackers, because the systems -- by their nature -- store large volumes of data that can be accessed when the systems are compromised, said Max Caceras, director of product management at Core Security.
BrightStor customers are advised to apply the patch that fixes the vulnerability or to block external access to the BrightStor software or use IDS to spot attacks.