-----BEGIN PGP SIGNED MESSAGE-----

CA20100603-01: Security Notice for CA ARCserve Backup

Issued: June 3, 2010

CA Technologies support is alerting customers to a security risk with
CA ARCserve Backup. A vulnerability exists, CVE-2010-2157, that can
potentially allow a local attacker to gain sensitive information.

Risk Rating

Medium

Platform

Windows

Affected Products

CA ARCserve Backup r12.5 SP1
CA ARCserve Backup r12.0 SP2
CA ARCserve Backup r11.5 SP4

Non-Affected Products

CA ARCserve Backup r15.0

How to determine if the installation is affected

CA ARCserve Backup r12.5, r12.0, r11.5 Windows:

1. Run the ARCserve Patch Management utility. From the Windows Start
menu, the program can be found under Programs->CA->ARCserve Patch
Management->Patch Status.
2. The main patch status screen will indicate if the patches in the
below table are applied. If the patches are not applied, then the
installation is vulnerable.

Product
Patch(es)

CA ARCserve Backup r12.5 Windows
RO17300

CA ARCserve Backup r12.0 Windows
RO17301 and RO17302

CA ARCserve Backup r11.5 Windows
RO17303 and RO17306

For more information on the ARCserve Patch Management utility, read
document TEC446265.

Solution

CA ARCserve Backup r12.5 Windows:
RO17300

CA ARCserve Backup r12.0 Windows:
RO17302
RO17301

CA ARCserve Backup r11.5 Windows:
RO17306
RO17303

Workaround

None

References

CVE-2010-2157 - ARCserve Backup information disclosure

CA20100603-01: Security Notice for CA ARCserve Backup
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=23
8390

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at http://support.ca.com/

If you discover a vulnerability in a CA Technologies product, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782

Kevin Kotas
CA Technologies Product Vulnerability Response Team

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBTAg8vZI1FvIeMomJAQFCUAf9E8Yd6zolNHV+OYevFPCtbKSmD3iLZYCw
wtn8qWrTmy4IFpO90bzjTPzM0m237NSaER+yeF5qCXiu+7p9qG8/uwaJMwCQTtMz
F9bP7WD6ma6CwLRdV/6rRWzouFbWtCYhQa6Zv75sPur70TF8Wz32omgu4+Nhn807
vovh04OG0Ceo13stjsmbrl0NoXuYt4Oo7RbJtngtEjH+KQikwRimI0+Wrg9VyqNm
IAlsnMWlUPgH6vxaE9yGwrNa0kn9RwjjVCOPtGLsT2D14pt8LYKyoirOVoNU8DeO
Q/B6yozdyoWWj+EvLSC0fhrOXmH4XQ/eEP+rCzr9hpui24EQk8Ak/g==
=7vzC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/