main content
Login United States - English
CA, Transforming IT Management
Search Technical Support:
    • How to Buy
    • Insights
      • Insights by Topic
      • Blogs
      • On-Demand Webcasts
      • Podcasts
      • Success Stories
      • White Papers
      • Smart Enterprise Magazine
    • Partners
      • Channel Partners
      • Service & Consulting Partners
      • OEM Partners
      • Strategic Alliances
      • Technology Partners
      • Partner Locator
      • Partner Portal
    • Support
      • Technical Support
        • Enterprise
        • Small and Medium Business
        • Home and Home Office
      • Customer Care
      • Global Security Advisor
      • User Communities
    • Education
      • Find Education by Product Category
      • Find Courses
      • Learning Paths
      • Accreditations
      • Policies
      • Resources
      • Partners
    • Solutions
      • Enterprise IT Management
      • Capability Solutions
      • Industry Solutions
      • Mainframe
      • On-Demand Solutions
      • Services
    • Products
      • Product Categories
        • Application Development & Databases
        • Application Performance Management
        • Database Management
        • Governance
        • Infrastructure & Operations Management
        • Mainframe
        • Project, Portfolio & Financial Management
        • Security Management
        • Service Management
        • Storage and Recovery Management
      • Product List
      • Demos
      • Special Offers
      • Trials
SupportConnect - Important Security Notice for CA ARCserve Backup
  

Important Security Notice for
CA ARCserve Backup

Last Updated: January 11, 2007

CA's Technical Support is alerting customers to a security risk associated with CA ARCserve Backup. Researchers at TippingPoint (www.tippingpoint.com), IBM ISS (www.iss.net) and iDefense (labs.idefense.com) have detected exploitable problems and reported the vulnerabilities to CA. We have been working with them to understand the nature of the problems and to make certain that the provided fixes address the vulnerabilities.

CA has confirmed the presence of these vulnerabilities and has completed development of the fixes that provide protection against them. The updates are being released and made available to CA customers on January 11, 2007.

These vulnerabilities involve multiple overflow conditions that can allow arbitrary code to be executed remotely with local SYSTEM privileges on Windows. CA ARCserve Backup Tape Engine service, Mediasvr service, and ASCORE.dll file are affected.

Customers with vulnerable versions of the CA ARCserve Backup products should upgrade to the latest versions which will be available for download from http://supportconnect.ca.com on or before January 11, 2007.

Affected products:

BrightStor Products
  CA ARCserve Backup r11.5
CA ARCserve Backup r11.1
CA ARCserve Backup for Windows r11
BrightStor Enterprise Backup r10.5
CA ARCserve Backup v9.01
CA Protection Suites r2
  CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected platforms:

Windows

Prerequisite conditions for the vulnerability to be exploitable

None

Fixes to apply:

BAB r11.5 - QO84983
BAB r11.1 - QO84984
BAB r11.0 - QI82917
BEB r10.5 - QO84986
BAB v9.01 - QO84985

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com.

main content
 
 
 
Page Tools
printPrint
 
 
Sitemap  |  Privacy  |  Legal  |  Copyright © 2008 CA
About Us  |  News  |  Events  |  Contact Us  |  RSS Feeds