Full Disclosure mailing list archives

CA20110809-01: Security Notice for CA ARCserve D2D


From: "Williams, James K" <James.Williams () ca com>
Date: Wed, 10 Aug 2011 12:59:43 -0400

 
CA20110809-01: Security Notice for CA ARCserve D2D
 

Issued:  August 9, 2011
 

CA Technologies support is alerting customers to a security risk 
associated with CA ARCserve D2D. A vulnerability exists that can 
allow a remote attacker to access credentials and execute arbitrary 
commands.  CA Technologies has issued a patch to address the 
vulnerability.
 
The vulnerability, CVE-2011-3011, is due to improper session handling. 
A remote attacker can access credentials and execute arbitrary 
commands.
 

Risk Rating 
 
High
 

Platform 
 
Windows
 

Affected Products 
 
CA ARCserve D2D r15
 

How to determine if the installation is affected 
 
Search under TOMCAT directory for "BaseServiceImpl.class", and if the 
date is earlier than August 03, 2011, then you should apply fix 
RO33517.
 

Solution
 
CA has issued a patch to address the vulnerability.
 
CA ARCserve D2D r15:
RO33517
 

Workaround

None
 

References
 
CVE-2011-3011 - CA ARCserve D2D session handling vulnerability
 

Acknowledgement
 
None
 

Change History
 
Version 1.0: Initial Release

 
If additional information is required, please contact CA Technologies 
Support at support.ca.com
 
If you discover a vulnerability in a CA Technologies product, please 
report your findings to the CA Technologies Product Vulnerability 
Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
 

Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22 @ ca.com
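
The check described under "How to determine if the installation is affected", as an added PowerShell example that is not part of the CA advisory. The function name Test-D2DBaseServiceImpl and the -TomcatRoot parameter are hypothetical, the advisory does not give the TOMCAT directory path, and reading "date" as the file's last-modified time is an assumption.

```powershell
# Added example, not CA's own tooling. Test-D2DBaseServiceImpl is a
# hypothetical name; pass the D2D TOMCAT directory yourself, since the
# advisory does not state its location.
function Test-D2DBaseServiceImpl {
    param(
        [Parameter(Mandatory = $true)]
        [string]$TomcatRoot
    )

    # Cutoff from the advisory: a class file dated earlier than
    # August 03, 2011 means fix RO33517 should be applied.
    $cutoff = [datetime]'2011-08-03'

    $hits = @(Get-ChildItem -LiteralPath $TomcatRoot -Recurse -File `
                  -Filter 'BaseServiceImpl.class' -ErrorAction SilentlyContinue)

    if ($hits.Count -eq 0) {
        # An empty result is inconclusive, not a clean bill of health:
        # the path may be wrong or the search may lack read access.
        Write-Warning "BaseServiceImpl.class not found under '$TomcatRoot'."
        return
    }

    foreach ($file in $hits) {
        # Assumption: the advisory's "date" is the last-modified timestamp.
        [pscustomobject]@{
            Path          = $file.FullName
            LastWriteTime = $file.LastWriteTime
            NeedsRO33517  = ($file.LastWriteTime -lt $cutoff)
        }
    }
}

# Usage: Test-D2DBaseServiceImpl -TomcatRoot '<path to the D2D TOMCAT directory>'
```

Any row with NeedsRO33517 set to True matches the advisory's condition for applying RO33517. File timestamps can change when files are copied or restored, so confirm against the patch record where the result is unexpected.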