Original URL: http://www.channelregister.co.uk/2007/09/30/ca_brightstor_fix/
CA has moved to fix a trio of high-risk security holes in its popular BrightStor Hierarchical Storage Manager software.
Last week, CA posted (http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp) an update to BrightStor HSM. The patch should help protect customers from holes in the CsAgent service that can permit the execution of harmful code by a remote attacker. Those of you running pre-11.6 HSM code will want to fix up your systems.
According to CA, one set of vulns results from "insufficient bounds checking with multiple CsAgent service commands." Another set stems from the "insufficient validation of strings used in SQL statements," while a third set of vulns comes from the "insufficient validation of strings used in SQL statements."
CA noted that researchers at iDefense discovered some of the issues. There's more from iDefense here (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=601). ®