
Vulnerability Detail

CA ARCserve Backup for Laptops & Desktops authentication bypass vulnerability

Date Discovered:
21 Sep 2007

Date Published:
21 Sep 2007

Last Updated:
21 Sep 2007

Threat Assessment

Overall Risk:  Medium
Popularity:  Medium
Impact:  High
Simplicity:  Low

Characteristics

Vulnerability ID:  35677
Discovered By:  iDefense VCP

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can bypass authentication.

Root Cause:  Software Vulnerability

 

Description

CA ARCserve Backup for Laptops & Desktops contains a vulnerability that can allow a remote attacker to bypass authentication. The vulnerability is due to improper verification of authorization credentials.


Recommendations



For: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.0, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP1 x86 32 EN, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP2, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.5, CA BrightStor Mobile Backup - AdminGui 4, CA Desktop Management Suite r11 (build 11.0.8049) x86 32, CA Desktop Management Suite r11.2, CA Protection Suites - Protection Suite Server r2 x86 32, CA Unicenter DMS Manager - Backup Manager r11.1 (build 11.1.8124) x86 32

Please download and apply the respective patches from the link below:



http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp


Affected Technologies

Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.0
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP1 x86 32 EN
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP2
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.5
Computer Associates: CA BrightStor Mobile Backup - AdminGui 4
Computer Associates: CA Desktop Management Suite r11 (build 11.0.8049) x86 32
Computer Associates: CA Desktop Management Suite r11.2.2.4331
Computer Associates: CA Protection Suites - Protection Suite Server r2 x86 32
Computer Associates: CA Unicenter DMS Manager - Backup Manager r11.1 (build 11.1.8124) x86 32


References

Computer Associates: caarcservebld
Mitre CVE: CVE-2007-5006
