Important Security Notice for
CA ARCserve Backup
December 08, 2006
CA's Technical Support is alerting customers to a security risk associated with the CA ARCserve Backup. Researchers at Assurent (www.assurent.com) detected an exploitable problem and reported the vulnerability to CA. We have been working with them to understand the nature of the problem and to make certain that the provided remedy addresses the problem.
CA has confirmed the presence of this vulnerability and has completed development of the update that provides protection against it. Upon completion of quality assurance testing, the update will be released and made available to CA customers on December 7, 2006.
This vulnerability involves an overflow condition that can allow arbitrary code to be executed remotely with local SYSTEM privileges on Windows. This issue affects the BrightStor Backup Discovery Service in multiple CA ARCserve Backup application agents and the Base product.
Customers with vulnerable versions of the CA ARCserve Backup products should upgrade to the latest versions which will be available for download from https://Support.ca.com on or before December 7.
|BrightStor Products |
| ||CA ARCserve Backup r11.5 SP1 and below (SP2 does not have this vulnerability please apply 11.5 sp2) |
CA ARCserve Backup r11.1
CA ARCserve Backup for Windows r11
BrightStor Enterprise Backup r10.5
CA ARCserve Backup v9.01
|CA Protection Suites r2 |
| ||CA Server Protection Suite r2 |
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
Prerequisite conditions for the vulnerability to be exploitable :
Fixes to apply:
BAB r11.5 sp2 – SP2 does not contain the vulnerability, there is no fix to apply.
BAB r11.5 sp1 and below - QO81201
BAB r11.1 - QO84609
BAB r11.0 - QI82917
BEB r10.5 - QO84611
BAB v9.01 - QO84610
Should you require additional information, please contact CA Technical Support at https://Support.ca.com.