SupportConnect - Important Security Notice for CA ARCserve Backup for Laptops and Desktops


Last Updated: January 23, 2007

CA's Technical Support is alerting customers to a security risk associated with the BrightStor ARCserve Backup for Laptops & Desktops product. Researchers at NGSS (www.ngssoftware.com) detected multiple remotely exploitable problems and reported the vulnerabilities to CA. We have been working with them to understand the nature of the problems and to make certain that the provided remedy addresses the problems.

CA has confirmed the presence of these vulnerabilities and has completed development of updates that provide protection against them. Upon completion of quality assurance testing, the updates were released and made available to CA customers on January 23, 2007.

The vulnerabilities involve multiple overflow conditions that can allow arbitrary code to be executed remotely with local SYSTEM privileges on Windows or cause denial of service. These issues affect the BrightStor ARCserve Backup for Laptops & Desktops services.

Customers with vulnerable versions of the BrightStor ARCserve Backup for Laptops & Desktops product should upgrade to the latest versions, which will be available for download from http://supportconnect.ca.com on or before January 23, 2007.

Affected products:

BrightStor Products
  CA ARCserve Backup for Laptops and Desktops r11.1 SP1
  CA ARCserve Backup for Laptops and Desktops r11.1
  CA ARCserve Backup for Laptops and Desktops r11.0
  CA ARCserve Backup for Laptops and Desktops r4.0
CA Protection Suites r2
  CA Desktop Protection Suite r2
  CA Business Protection Suite r2
  CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
  CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
CA Desktop Management Suite
  DMS r11.0
  DMS r11.1

Affected platforms:

Windows

Prerequisite conditions for the vulnerability to be exploitable:

None

Fixes to apply:

BABLD r11.1 SP2 - SP2 does not contain the vulnerability; there is no fix to apply
BABLD r11.1 SP1 - QO83833
BABLD r11.0 - QI85497
DMS r11.1 - QO85401
DMS r11.0 - QI85423
BMB r4.0 - QO85402

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com.