Security Notice for BrightStor ARCserve Backup - CA Technologies
{{search ? 'Close':'Search'}}

 

Important Security Notice for
BrightStor ARCserve Backup

December 08, 2006

CA's Technical Support is alerting customers to a security risk associated with the BrightStor ARCserve Backup. Researchers at Assurent (www.assurent.com) detected an exploitable problem and reported the vulnerability to CA. We have been working with them to understand the nature of the problem and to make certain that the provided remedy addresses the problem.

CA has confirmed the presence of this vulnerability and has completed development of the update that provides protection against it. Upon completion of quality assurance testing, the update will be released and made available to CA customers on December 7, 2006.

This vulnerability involves an overflow condition that can allow arbitrary code to be executed remotely with local SYSTEM privileges on Windows. This issue affects the BrightStor Backup Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.

Customers with vulnerable versions of the BrightStor ARCserve Backup products should upgrade to the latest versions which will be available for download from support.ca.com on or before December 7.

Affected products:

BrightStor Products
  BrightStor ARCserve Backup r11.5 SP1 and below (SP2 does not have this vulnerability please apply 11.5 sp2)
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Protection Suites r2
  CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected platforms:

Windows

Prerequisite conditions for the vulnerability to be exploitable :

None

Fixes to apply:

BAB r11.5 sp2 - SP2 does not contain the vulnerability, there is no fix to apply.
BAB r11.5 sp1 and below - QO81201
BAB r11.1 - QO84609
BAB r11.0 - QI82917
BEB r10.5 - QO84611
BAB v9.01 - QO84610

Should you require additional information, please contact CA Technical Support at support.ca.com.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing