The flaw affects CA's BrightStor ARCserve Backup application and is caused by an unspecified error in the way the "mediasvr.exe" process handles remote procedure call (RPC) requests, according to the advisory on the US-CERT website.

According to the advisory, an attacker could exploit the vulnerability to gain control of a PC: a malicious user could remotely execute code and, if the exploit attempt fails, cause a denial of service (DoS).

The team advised organizations that use the software to restrict access to RPC until a patch is issued.

US-CERT Advisory here
Publicly Available Exploit for Computer Associates BrightStor ARCserve Backup Vulnerability
added March 30, 2007
US-CERT is aware of publicly available exploit code for a vulnerability in Computer Associates' BrightStor ARCserve Backup software. The vulnerability is caused by an unspecified error in the way that the "mediasvr.exe" process handles crafted RPC requests. Successful exploitation of the vulnerability allows an attacker to gain shell access to the target machine.

Until a fix becomes available, US-CERT recommends that users restrict access to RPC.

US-CERT will continue to investigate and provide additional information as it becomes available.
Shawn