SupportConnect - Important Security Notice for CA ARCserve Backup (Buffer Overrun)

Important Security Notice for
CA ARCserve Backup (Buffer Overrun)

Last Updated: January 16, 2007

CA's Technical Support is alerting customers to a security risk associated with the CA ARCserve Backup products. Researchers at TippingPoint (www.tippingpoint.com) detected multiple remotely exploitable problems and reported the vulnerabilities to CA. We have been working with them to understand the nature of the problems and to make certain that the provided remedy addresses the problems.

CA has confirmed the presence of these vulnerabilities and has completed development of updates that provide protection against them. Upon completion of quality assurance testing, the updates were released and made available to CA customers on October 5, 2006.

The vulnerabilities involve multiple overflow conditions that can allow arbitrary code to be executed remotely with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple CA ARCserve Backup application agents and the Base product.

Customers with vulnerable versions of the CA ARCserve Backup products should upgrade to the latest versions which will be available for download from http://supportconnect.ca.com on or before October 5.

Affected products:

BrightStor Products
  CA ARCserve Backup r11.5 SP1 and below (SP2 does not have this vulnerability)
CA ARCserve Backup r11.1
CA ARCserve Backup for Windows r11
BrightStor Enterprise Backup 10.5
CA ARCserve Backup v9.01
   
CA Protection Suites r2
  CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected platforms:

Windows

Prerequisite conditions for the vulnerability to be exploitable

None

Fixes to apply:

BAB r11.5 sp2 - SP2 does not contain the vulnerability, there is no fix to apply.
BAB r11.5 sp1 and below - QO81201
BAB r11.1 - QO82863
BAB r11.0 - QI82917
BEB r10.5 - QO82858
BAB v9.01 - QO82856

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com.