Full Disclosure mailing list archives
CA20120320-01: Security Notice for CA ARCserve Backup
From: "Kotas, Kevin J" <Kevin.Kotas () ca com>
Date: Tue, 20 Mar 2012 22:05:55 +0000
-----BEGIN PGP SIGNED MESSAGE----- CA20120320-01: Security Notice for CA ARCserve Backup Issued: March 20, 2012 CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. CA Technologies has issued fixes to address the vulnerability. The vulnerability, CVE-2012-1662, occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services. Risk Rating Medium Platform Windows Affected Products CA ARCserve Backup for Windows r12.0, r12.0 SP1, r12.0 SP2 CA ARCserve Backup for Windows r12.5, r12.5 SP1 CA ARCserve Backup for Windows r15, r15 SP1 CA ARCserve Backup for Windows r16 Non-Affected Products CA ARCserve Backup for Windows r12.5 SP2 CA ARCserve Backup for Windows r16 SP1 How to determine if the installation is affected CA ARCserve Backup for Windows r12.5: Run the ARCserve Backup Manager. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Backup->Manager. Click Help->About CA ARCserve Backup. This screen will indicate the service pack level. If the displayed service pack level is prior to SP2, the installation is vulnerable. CA ARCserve Backup for Windows r15: 1. Run the ARCserve Patch Management utility. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Patch Management->Patch Status. 2. The main patch status screen will indicate if the patch in the below table is applied. If the patch is not applied, then the installation is vulnerable. Product Patch CA ARCserve Backup for Windows r15: RO42050 For more information on the ARCserve Patch Management utility, read document TEC446265. CA ARCserve Backup for Windows r16.0: Run the ARCserve Backup Manager. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Backup->Manager. Click Help->About CA ARCserve Backup. This screen will indicate the service pack level. If the displayed service pack level is prior to SP1, the installation is vulnerable. Solution CA ARCserve Backup for Windows r12.0: Update to CA ARCserve Backup for Windows r16 SP1. CA ARCserve Backup for Windows r12.5: Update to r12.5 service pack 2 with RO35881. CA ARCserve Backup for Windows r15: Install RO42050. CA ARCserve Backup for Windows r16: Update to r16 service pack 1 with RO35289. References CVE-2012-1662 - ARCserve Backup denial of service CA20120320-01: Security Notice for CA ARCserve Backup (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7 b983E3A52-8374-410A-82BD-B8788733C70F%7d Change History Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at http://support.ca.com/ If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas CA Technologies Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBT2jmC5I1FvIeMomJAQFXKwf+I7TnH22g+MMj29+BtaDD0U9uVu8bqliG f9Y7jys4OlhmDbRfaVhUFr3F1nR+FLQKJqH/zHAFkbx2RkOVaZYhvUR/bexY+eWR dEcbX3P19RV23xnZ3Z8xK/N8oxYRU9ycEl6kdf+GXtgY2j3UdK4WeyPwYI1LHDBN 6fmKiC9cnr8lSi3lmlLa8zEG91/0FC4ejAKaoSHJlxLI7KWjy1WX4znx+6W8QQ4+ m/t3MDZyICY03iYVxHzTGKQNl0hoIEG1iepie9ZIf+NWerxEKqEoHi4RF/vQ/gEj xMsM1hacgMrV4RayYd5goWKxIVoocxGT1olb0MF9KDYLr22axvev8Q== =00GO -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CA20120320-01: Security Notice for CA ARCserve Backup Kotas, Kevin J (Mar 20)