Antivirus firm Symantec warned today that exploit code is circulating for a known security hole in Computer Associates’ BrightStor ARCServe Backup software, which provides data backup and restore for a variety of operating systems including Windows, NetWare, Linux, Unix and Mac. The company issued an alert early Friday raising the urgency and severity of an earlier warning about the security holes in ARCServe Backup versions 9.01 through 11.5 SP1, as well as CA’s Business Protection Suite software.

The remote buffer overflow vulnerability in BrightStor was initially disclosed on January 12, when CA released a patch to fix the hole. According to CA, the flaw in BrightStor results from insufficient bounds checking on user-supplied data. Attackers could trigger the overflow using specially crafted RPC (Remote Procedure Call) requests sent to TCP ports 6503 or 6504. Triggering a buffer overflow would allow attackers to run malicious code on the vulnerable system with administrative privileges, allowing them to take control of the vulnerable machine.

BrightStor customers are advised to apply the patch that fixes the vulnerability, to block external access to the BrightStor software, or to use an IDS to spot attacks.

Backup software is a particularly attractive target for malicious hackers, because the systems — by their nature — store large volumes of data that can be accessed once the systems are compromised, said Max Caceras, director of product management at Core Security.