CA20101209-01: Security Notice for CA XOsoft
Issued: December 09, 2010
CA Technologies support is alerting customers to a security risk with CA XOsoft. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued a patch to address the vulnerability for each affected release.
The vulnerability, CVE-2010-3984, is due to insufficient bounds checking on a SOAP request. A remote attacker can send a SOAP request that causes a buffer overflow and potentially compromise the system.
CA XOsoft Replication r12.0 SP1
CA XOsoft High Availability r12.0 SP1
CA XOsoft Content Distribution r12.0 SP1
CA XOsoft Replication r12.5 SP2 rollup
CA XOsoft High Availability r12.5 SP2 rollup
CA XOsoft Content Distribution r12.5 SP2 rollup
CA ARCserve Replication and High Availability r15.0 SP1
CA ARCserve Replication and High Availability r15.2
How to determine if the installation is affected
- Using Windows Explorer, locate the file "mng_core_com.dll". By default in r12.0 and r12.5, the file is located in the "C:\Program Files\CA\XOsoft\Manager" directory. For r15.0 SP1, the file is located in the "C:\Program Files\CA\ARCserve RHA\Manager" directory.
- Right-click on the file and select Properties.
- Select the General tab.
- If the file timestamp is earlier than indicated in the table below, the installation is vulnerable.
| Product | File Name | Timestamp | File Size |
|---|---|---|---|
| XOsoft 12.0 SP1 | mng_core_com.dll | 10/09/2010 | 2,007,040 bytes |
| XOsoft 12.5 SP1 | mng_core_com.dll | 01/07/2011 | 2,404,352 bytes |
| XOsoft 12.5 SP2 rollup | mng_core_com.dll | 10/13/2010 | 2,396,160 bytes |
| ARCserve RHA 15.0 SP1 | mng_core_com.dll | 10/13/2010 | 2,990,080 bytes |
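
The manual check above can be scripted for hosts where opening Explorer on each machine is impractical. This is an added example, not code from CA: the function name `Test-XOsoftPatch` is hypothetical, the table dates are assumed to be in MM/dd/yyyy form, and the "timestamp" is assumed to be the file's Modified time.

```powershell
# Added example: compares mng_core_com.dll against the advisory's table.
# Assumptions: dates are MM/dd/yyyy; "timestamp" means the Modified time.
$FixedBuilds = @{
    'XOsoft 12.0 SP1'        = @{ Date = '10/09/2010'; Size = 2007040; Dir = 'C:\Program Files\CA\XOsoft\Manager' }
    'XOsoft 12.5 SP1'        = @{ Date = '01/07/2011'; Size = 2404352; Dir = 'C:\Program Files\CA\XOsoft\Manager' }
    'XOsoft 12.5 SP2 rollup' = @{ Date = '10/13/2010'; Size = 2396160; Dir = 'C:\Program Files\CA\XOsoft\Manager' }
    'ARCserve RHA 15.0 SP1'  = @{ Date = '10/13/2010'; Size = 2990080; Dir = 'C:\Program Files\CA\ARCserve RHA\Manager' }
}

function Test-XOsoftPatch {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('XOsoft 12.0 SP1', 'XOsoft 12.5 SP1', 'XOsoft 12.5 SP2 rollup', 'ARCserve RHA 15.0 SP1')]
        [string]$Product,
        [string]$Directory   # override when the product is not in its default location
    )
    $ref = $FixedBuilds[$Product]
    if (-not $Directory) { $Directory = $ref.Dir }
    $path = Join-Path $Directory 'mng_core_com.dll'

    # Report a missing file explicitly instead of treating it as patched.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        return [pscustomobject]@{ Product = $Product; Path = $path; Status = 'FileNotFound' }
    }

    $file  = Get-Item -LiteralPath $path
    $fixed = [datetime]::ParseExact($ref.Date, 'MM/dd/yyyy', [cultureinfo]::InvariantCulture)

    # Advisory rule: a timestamp earlier than the table entry means vulnerable.
    $status = if ($file.LastWriteTime.Date -lt $fixed) { 'Vulnerable' } else { 'Patched' }

    [pscustomobject]@{
        Product          = $Product
        Path             = $path
        Modified         = $file.LastWriteTime.ToString('MM/dd/yyyy')
        FixedDate        = $ref.Date
        SizeBytes        = $file.Length
        SizeMatchesTable = ($file.Length -eq $ref.Size)
        Status           = $status
    }
}

Test-XOsoftPatch -Product 'ARCserve RHA 15.0 SP1'
```

The advisory's criterion is the timestamp alone; `SizeMatchesTable` is reported only as a secondary cross-check against the table's File Size column.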
CA issued the following patch to address the vulnerability.
CA ARCserve Replication and High Availability r15.0 SP1:
CA XOsoft Replication r12.5 SP2 rollup,
CA XOsoft High Availability r12.5 SP2 rollup,
CA XOsoft Content Distribution r12.5 SP2 rollup:
CA XOsoft Replication r12.0 SP1,
CA XOsoft High Availability r12.0 SP1,
CA XOsoft Content Distribution r12.0 SP1:
CVE-2010-3984 - XOsoft buffer overflow
CVE-2010-3984 - AbdulAziz Hariri through the TippingPoint ZDI program
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies Support at https://support.ca.com.
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.