[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1335FF3F144C424F839EFBA7AD8A56E0097748F8@USILMS12.ca.com>
Date: Thu, 3 Jun 2010 19:48:01 -0400
From: "Kotas, Kevin J" <Kevin.Kotas@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: CA20100603-01: Security Notice for CA ARCserve
Backup
-----BEGIN PGP SIGNED MESSAGE-----
CA20100603-01: Security Notice for CA ARCserve Backup
Issued: June 3, 2010
CA Technologies support is alerting customers to a security risk with
CA ARCserve Backup. A vulnerability exists, CVE-2010-2157, that can
potentially allow a local attacker to gain sensitive information.
Risk Rating
Medium
Platform
Windows
Affected Products
CA ARCserve Backup r12.5 SP1
CA ARCserve Backup r12.0 SP2
CA ARCserve Backup r11.5 SP4
Non-Affected Products
CA ARCserve Backup r15.0
How to determine if the installation is affected
CA ARCserve Backup r12.5, r12.0, r11.5 Windows:
1. Run the ARCserve Patch Management utility. From the Windows Start
menu, the program can be found under Programs->CA->ARCserve Patch
Management->Patch Status.
2. The main patch status screen will indicate if the patches in the
below table are applied. If the patches are not applied, then the
installation is vulnerable.
Product
Patch(es)
CA ARCserve Backup r12.5 Windows
RO17300
CA ARCserve Backup r12.0 Windows
RO17301 and RO17302
CA ARCserve Backup r11.5 Windows
RO17303 and RO17306
For more information on the ARCserve Patch Management utility, read
document TEC446265.
Solution
CA ARCserve Backup r12.5 Windows:
RO17300
CA ARCserve Backup r12.0 Windows:
RO17302
RO17301
CA ARCserve Backup r11.5 Windows:
RO17306
RO17303
Workaround
None
References
CVE-2010-2157 - ARCserve Backup information disclosure
CA20100603-01: Security Notice for CA ARCserve Backup
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=23
8390
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies
Support at http://support.ca.com/
If you discover a vulnerability in a CA Technologies product, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782
Kevin Kotas
CA Technologies Product Vulnerability Response Team
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBTAg8vZI1FvIeMomJAQFCUAf9E8Yd6zolNHV+OYevFPCtbKSmD3iLZYCw
wtn8qWrTmy4IFpO90bzjTPzM0m237NSaER+yeF5qCXiu+7p9qG8/uwaJMwCQTtMz
F9bP7WD6ma6CwLRdV/6rRWzouFbWtCYhQa6Zv75sPur70TF8Wz32omgu4+Nhn807
vovh04OG0Ceo13stjsmbrl0NoXuYt4Oo7RbJtngtEjH+KQikwRimI0+Wrg9VyqNm
IAlsnMWlUPgH6vxaE9yGwrNa0kn9RwjjVCOPtGLsT2D14pt8LYKyoirOVoNU8DeO
Q/B6yozdyoWWj+EvLSC0fhrOXmH4XQ/eEP+rCzr9hpui24EQk8Ak/g==
=7vzC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists