| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Jun 2010 19:48:01 -0400 From: "Kotas, Kevin J" <Kevin.Kotas@...com> To: <full-disclosure@...ts.grok.org.uk> Subject: CA20100603-01: Security Notice for CA ARCserve Backup -----BEGIN PGP SIGNED MESSAGE----- CA20100603-01: Security Notice for CA ARCserve Backup Issued: June 3, 2010 CA Technologies support is alerting customers to a security risk with CA ARCserve Backup. A vulnerability exists, CVE-2010-2157, that can potentially allow a local attacker to gain sensitive information. Risk Rating Medium Platform Windows Affected Products CA ARCserve Backup r12.5 SP1 CA ARCserve Backup r12.0 SP2 CA ARCserve Backup r11.5 SP4 Non-Affected Products CA ARCserve Backup r15.0 How to determine if the installation is affected CA ARCserve Backup r12.5, r12.0, r11.5 Windows: 1. Run the ARCserve Patch Management utility. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Patch Management->Patch Status. 2. The main patch status screen will indicate if the patches in the below table are applied. If the patches are not applied, then the installation is vulnerable. Product Patch(es) CA ARCserve Backup r12.5 Windows RO17300 CA ARCserve Backup r12.0 Windows RO17301 and RO17302 CA ARCserve Backup r11.5 Windows RO17303 and RO17306 For more information on the ARCserve Patch Management utility, read document TEC446265. Solution CA ARCserve Backup r12.5 Windows: RO17300 CA ARCserve Backup r12.0 Windows: RO17302 RO17301 CA ARCserve Backup r11.5 Windows: RO17306 RO17303 Workaround None References CVE-2010-2157 - ARCserve Backup information disclosure CA20100603-01: Security Notice for CA ARCserve Backup (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=23 8390 Change History Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at http://support.ca.com/ If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team. (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Technologies Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBTAg8vZI1FvIeMomJAQFCUAf9E8Yd6zolNHV+OYevFPCtbKSmD3iLZYCw wtn8qWrTmy4IFpO90bzjTPzM0m237NSaER+yeF5qCXiu+7p9qG8/uwaJMwCQTtMz F9bP7WD6ma6CwLRdV/6rRWzouFbWtCYhQa6Zv75sPur70TF8Wz32omgu4+Nhn807 vovh04OG0Ceo13stjsmbrl0NoXuYt4Oo7RbJtngtEjH+KQikwRimI0+Wrg9VyqNm IAlsnMWlUPgH6vxaE9yGwrNa0kn9RwjjVCOPtGLsT2D14pt8LYKyoirOVoNU8DeO Q/B6yozdyoWWj+EvLSC0fhrOXmH4XQ/eEP+rCzr9hpui24EQk8Ak/g== =7vzC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists