CA20101209-01 Security Notice for CA XOsoft - CA Technologies

CA20101209-01: Security Notice for CA XOsoft

Issued: December 09, 2010

CA Technologies support is alerting customers to a security risk with CA XOsoft. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued a patch to address the vulnerability for each affected release.

The vulnerability, CVE-2010-3984, is due to insufficient bounds checking when a SOAP request is processed. A remote attacker can send a SOAP request that causes a buffer overflow and potentially compromise the system.

Risk Rating

High

Platform

Windows

Affected Products

CA XOsoft Replication r12.0 SP1
CA XOsoft High Availability r12.0 SP1
CA XOsoft Content Distribution r12.0 SP1
CA XOsoft Replication r12.5 SP2 rollup
CA XOsoft High Availability r12.5 SP2 rollup
CA XOsoft Content Distribution r12.5 SP2 rollup
CA ARCserve Replication and High Availability r15.0 SP1

Non-Affected Products

CA ARCserve Replication and High Availability r15.2

How to determine if the installation is affected

  1. Using Windows Explorer, locate the file "mng_core_com.dll". By default in r12.0 and r12.5, the file is located in the "C:\Program Files\CA\XOsoft\Manager" directory. For r15.0 SP1, the file is located in the "C:\Program Files\CA\ARCserve RHA\Manager" directory.

  2. Right click on the file and select Properties.

  3. Select the General tab.

  4. If the file timestamp is earlier than the one indicated in the table below, the installation is vulnerable.

| Product | File Name | Timestamp | File Size |
|---|---|---|---|
| XOsoft 12.0 SP1 | mng_core_com.dll | 10/09/2010 | 2,007,040 bytes |
| XOsoft 12.5 SP1 | mng_core_com.dll | 01/07/2011 | 2,404,352 bytes |
| XOsoft 12.5 SP2 rollup | mng_core_com.dll | 10/13/2010 | 2,396,160 bytes |
| ARCserve RHA 15.0 SP1 | mng_core_com.dll | 10/13/2010 | 2,990,080 bytes |
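
The check in steps 1 to 4 can be scripted for hosts where Explorer is impractical. The following PowerShell is an added example, not CA's own tooling: the `-Release` and `-ManagerDir` parameters are hypothetical names, the table dates are assumed to be MM/DD/YYYY, and "file timestamp" is assumed to mean the Modified time.

```powershell
# Added example, not CA tooling. Reference dates and sizes are copied from the
# advisory table; dates are assumed to be MM/DD/YYYY and to refer to the
# "Modified" time (LastWriteTime). Requires PowerShell 3.0 or later.
param(
    # Installed release, supplied by the operator (the advisory gives no
    # detection method for it).
    [Parameter(Mandatory = $true)]
    [ValidateSet('XOsoft 12.0 SP1', 'XOsoft 12.5 SP1',
                 'XOsoft 12.5 SP2 rollup', 'ARCserve RHA 15.0 SP1')]
    [string]$Release,

    # Default Manager directories from step 1; override for custom installs.
    [string[]]$ManagerDir = @('C:\Program Files\CA\XOsoft\Manager',
                              'C:\Program Files\CA\ARCserve RHA\Manager')
)

# Patch is $null where the advisory lists no patch ID for that table row.
$table = @{
    'XOsoft 12.0 SP1'        = @{ Date = [datetime]'2010-10-09'; Size = 2007040; Patch = 'RO24314' }
    'XOsoft 12.5 SP1'        = @{ Date = [datetime]'2011-01-07'; Size = 2404352; Patch = $null }
    'XOsoft 12.5 SP2 rollup' = @{ Date = [datetime]'2010-10-13'; Size = 2396160; Patch = 'RO24313' }
    'ARCserve RHA 15.0 SP1'  = @{ Date = [datetime]'2010-10-13'; Size = 2990080; Patch = 'RO24455' }
}
$ref = $table[$Release]
$found = $false

foreach ($dir in $ManagerDir) {
    $path = Join-Path -Path $dir -ChildPath 'mng_core_com.dll'
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
    $found = $true
    $file = Get-Item -LiteralPath $path

    # Step 4: a timestamp earlier than the table entry means vulnerable.
    # Compare calendar dates only, since the table carries no time of day.
    $vulnerable = $file.LastWriteTime.Date -lt $ref.Date
    [pscustomobject]@{
        Path       = $path
        Modified   = $file.LastWriteTime
        TableDate  = $ref.Date
        SizeBytes  = $file.Length
        TableSize  = $ref.Size
        Vulnerable = $vulnerable
        Patch      = if ($vulnerable) { $ref.Patch } else { $null }
    }
}

if (-not $found) {
    Write-Warning "mng_core_com.dll not found under: $($ManagerDir -join '; ')"
}
```

Modified times can change when a file is restored or copied by some tools, so a file reported as not vulnerable whose SizeBytes differs from TableSize warrants a manual check.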

Solution

CA issued the following patches to address the vulnerability.

CA ARCserve Replication and High Availability r15.0 SP1:
RO24455

CA XOsoft Replication r12.5 SP2 rollup,
CA XOsoft High Availability r12.5 SP2 rollup,
CA XOsoft Content Distribution r12.5 SP2 rollup:
RO24313

CA XOsoft Replication r12.0 SP1,
CA XOsoft High Availability r12.0 SP1,
CA XOsoft Content Distribution r12.0 SP1:
RO24314

References

CVE-2010-3984 - XOsoft buffer overflow

Acknowledgement

CVE-2010-3984 - AbdulAziz Hariri through the TippingPoint ZDI program

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at https://support.ca.com.

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.
