CA20120320-01: Security Notice for CA ARCserve Backup

["Kotas, Kevin J" <Kevin.Kotas () ca com>]

-----BEGIN PGP SIGNED MESSAGE-----

CA20120320-01: Security Notice for CA ARCserve Backup

Issued: March 20, 2012

CA Technologies Support is alerting customers to a potential risk
with CA ARCserve Backup for Windows. A vulnerability exists that can
allow a remote attacker to cause a denial of service condition. CA
Technologies has issued fixes to address the vulnerability.

The vulnerability, CVE-2012-1662, occurs due to insufficient
validation of certain network requests. An attacker can potentially
use the vulnerability to disable network services.

Risk Rating

Medium

Platform

Windows

Affected Products

CA ARCserve Backup for Windows r12.0, r12.0 SP1, r12.0 SP2
CA ARCserve Backup for Windows r12.5, r12.5 SP1
CA ARCserve Backup for Windows r15, r15 SP1
CA ARCserve Backup for Windows r16

Non-Affected Products

CA ARCserve Backup for Windows r12.5 SP2
CA ARCserve Backup for Windows r16 SP1

How to determine if the installation is affected

CA ARCserve Backup for Windows r12.5:

Run the ARCserve Backup Manager. From the Windows Start menu, the
program can be found under Programs->CA->ARCserve Backup->Manager.
Click Help->About CA ARCserve Backup. This screen will indicate the
service pack level. If the displayed service pack level is prior to
SP2, the installation is vulnerable.

CA ARCserve Backup for Windows r15:

1. Run the ARCserve Patch Management utility. From the Windows
Start menu, the program can be found under Programs->CA->ARCserve
Patch Management->Patch Status.

2. The main patch status screen will indicate if the patch in the
below table is applied. If the patch is not applied, then the
installation is vulnerable.

Product
Patch

CA ARCserve Backup for Windows r15:
RO42050

For more information on the ARCserve Patch Management utility,
read document TEC446265.

CA ARCserve Backup for Windows r16.0:

Run the ARCserve Backup Manager. From the Windows Start menu, the
program can be found under Programs->CA->ARCserve Backup->Manager.
Click Help->About CA ARCserve Backup. This screen will indicate the
service pack level. If the displayed service pack level is prior to
SP1, the installation is vulnerable.

Solution

CA ARCserve Backup for Windows r12.0:
Update to CA ARCserve Backup for Windows r16 SP1.

CA ARCserve Backup for Windows r12.5:
Update to r12.5 service pack 2 with RO35881.

CA ARCserve Backup for Windows r15:
Install RO42050.

CA ARCserve Backup for Windows r16:
Update to r16 service pack 1 with RO35289.

References

CVE-2012-1662 - ARCserve Backup denial of service

CA20120320-01: Security Notice for CA ARCserve Backup
(url line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7
b983E3A52-8374-410A-82BD-B8788733C70F%7d

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at http://support.ca.com/

If you discover a vulnerability in CA Technologies products,
please report your findings to the CA Technologies Product
Vulnerability Response Team:
(url line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782

Regards,

Kevin Kotas
CA Technologies Product Vulnerability Response Team

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBT2jmC5I1FvIeMomJAQFXKwf+I7TnH22g+MMj29+BtaDD0U9uVu8bqliG
f9Y7jys4OlhmDbRfaVhUFr3F1nR+FLQKJqH/zHAFkbx2RkOVaZYhvUR/bexY+eWR
dEcbX3P19RV23xnZ3Z8xK/N8oxYRU9ycEl6kdf+GXtgY2j3UdK4WeyPwYI1LHDBN
6fmKiC9cnr8lSi3lmlLa8zEG91/0FC4ejAKaoSHJlxLI7KWjy1WX4znx+6W8QQ4+
m/t3MDZyICY03iYVxHzTGKQNl0hoIEG1iepie9ZIf+NWerxEKqEoHi4RF/vQ/gEj
xMsM1hacgMrV4RayYd5goWKxIVoocxGT1olb0MF9KDYLr22axvev8Q==
=00GO
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/