Date: Wed, 10 Aug 2011 12:59:43 -0400
From: "Williams, James K" <James.Williams@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: CA20110809-01: Security Notice for CA ARCserve D2D

 
CA20110809-01: Security Notice for CA ARCserve D2D
 

Issued:  August 9, 2011
 

CA Technologies support is alerting customers to a security risk 
associated with CA ARCserve D2D. A vulnerability exists that can 
allow a remote attacker to access credentials and execute arbitrary 
commands.  CA Technologies has issued a patch to address the 
vulnerability.
 
The vulnerability, CVE-2011-3011, is due to improper session handling. 
A remote attacker can access credentials and execute arbitrary 
commands.
 

Risk Rating 
 
High
 

Platform 
 
Windows
 

Affected Products 
 
CA ARCserve D2D r15
 

How to determine if the installation is affected 
 
Search under the TOMCAT directory for "BaseServiceImpl.class". If the 
file's date is earlier than August 03, 2011, you should apply fix 
RO33517.
 

Solution
 
CA has issued a patch to address the vulnerability.
 
CA ARCserve D2D r15:
RO33517
 

Workaround

None
 

References
 
CVE-2011-3011 - CA ARCserve D2D session handling vulnerability
 

Acknowledgement
 
None
 

Change History
 
Version 1.0: Initial Release

 
If additional information is required, please contact CA Technologies 
Support at support.ca.com
 
If you discover a vulnerability in a CA Technologies product, please 
report your findings to the CA Technologies Product Vulnerability 
Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
 

Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22 @ ca.com
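
The check from "How to determine if the installation is affected", as an added PowerShell example that is not part of the original notice or of any CA tooling. Assumptions: the parameter name TomcatDir and the exit codes are illustrative, the operator supplies the Tomcat directory of the D2D installation, and "date" is taken to mean the file's last-modified time.

```powershell
# Added example (not CA code): report whether BaseServiceImpl.class predates
# the cutoff given in CA20110809-01.
param(
    # Assumption: the operator passes the Tomcat directory of the D2D install.
    [Parameter(Mandatory = $true)]
    [string]$TomcatDir
)

# Cutoff from the advisory: a file dated earlier than August 03, 2011 needs RO33517.
$cutoff = [datetime]'2011-08-03'

if (-not (Test-Path -LiteralPath $TomcatDir -PathType Container)) {
    Write-Error "Directory not found: $TomcatDir"
    exit 2
}

# The class file may exist in more than one place under the tree; collect all copies.
$found = @(Get-ChildItem -LiteralPath $TomcatDir -Recurse -File `
        -Filter 'BaseServiceImpl.class' -ErrorAction SilentlyContinue)

if ($found.Count -eq 0) {
    # No match is not proof of a patched host; the path may simply be wrong.
    Write-Warning "BaseServiceImpl.class not found under $TomcatDir"
    exit 3
}

$report = foreach ($f in $found) {
    [pscustomobject]@{
        Path          = $f.FullName
        # Assumption: the advisory's "date" is the modification time.
        LastWriteTime = $f.LastWriteTime
        NeedsRO33517  = ($f.LastWriteTime -lt $cutoff)
    }
}
$report | Format-List

# Exit 1 if any copy predates the cutoff, 0 if all copies are newer.
if ($report | Where-Object NeedsRO33517) { exit 1 } else { exit 0 }
```

Modification times can change when files are restored or copied, so a result that contradicts the patch records is worth confirming against the installed fix list.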
