CA has moved to fix a trio of high risk security holes in its popular BrightStor Hierarchical Storage Manager software.
Last week, CA posted an update to BrightStor HSM. The patch should help protect customers from holes in the CsAgent service that can permit the execution of harmful code by a remote attacker. Those of you running pre-11.6 HSM code will want to fix up your systems.
According to CA, one set of vulns results from "insufficient bounds checking with multiple CsAgent service commands." Another set stems from the "insufficient validation of strings used in SQL statements," while a third set of vulns comes from the "insufficient validation of strings used in SQL statements."
CA noted that researchers at iDefense discovered some of the issues. There's more from iDefense here. ®