CA20120320-01: Security Notice for CA ARCserve Backup

2012-03-26T00:00:00
ID SECURITYVULNS:DOC:27837
Type securityvulns
Reporter Securityvulns
Modified 2012-03-26T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE-----

CA20120320-01: Security Notice for CA ARCserve Backup

Issued: March 20, 2012

CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. CA Technologies has issued fixes to address the vulnerability.

The vulnerability, CVE-2012-1662, occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.

Risk Rating

Medium

Platform

Windows

Affected Products

CA ARCserve Backup for Windows r12.0, r12.0 SP1, r12.0 SP2 CA ARCserve Backup for Windows r12.5, r12.5 SP1 CA ARCserve Backup for Windows r15, r15 SP1 CA ARCserve Backup for Windows r16

Non-Affected Products

CA ARCserve Backup for Windows r12.5 SP2 CA ARCserve Backup for Windows r16 SP1

How to determine if the installation is affected

CA ARCserve Backup for Windows r12.5:

Run the ARCserve Backup Manager. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Backup->Manager. Click Help->About CA ARCserve Backup. This screen will indicate the service pack level. If the displayed service pack level is prior to SP2, the installation is vulnerable.

CA ARCserve Backup for Windows r15:

  1. Run the ARCserve Patch Management utility. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Patch Management->Patch Status.

  2. The main patch status screen will indicate if the patch in the below table is applied. If the patch is not applied, then the installation is vulnerable.

Product Patch

CA ARCserve Backup for Windows r15: RO42050

For more information on the ARCserve Patch Management utility, read document TEC446265.

CA ARCserve Backup for Windows r16.0:

Run the ARCserve Backup Manager. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Backup->Manager. Click Help->About CA ARCserve Backup. This screen will indicate the service pack level. If the displayed service pack level is prior to SP1, the installation is vulnerable.

Solution

CA ARCserve Backup for Windows r12.0: Update to CA ARCserve Backup for Windows r16 SP1.

CA ARCserve Backup for Windows r12.5: Update to r12.5 service pack 2 with RO35881.

CA ARCserve Backup for Windows r15: Install RO42050.

CA ARCserve Backup for Windows r16: Update to r16 service pack 1 with RO35289.

References

CVE-2012-1662 - ARCserve Backup denial of service

CA20120320-01: Security Notice for CA ARCserve Backup (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7 b983E3A52-8374-410A-82BD-B8788733C70F%7d

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at http://support.ca.com/

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782

Regards,

Kevin Kotas CA Technologies Product Vulnerability Response Team

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQEVAwUBT2o60ZI1FvIeMomJAQFS2QgAqLVN1RfJSdRiDC0XsR7nBhuESrufQjub o5S3XSJVvdDaZ8RxR14hA7hrzFukUhviZp0QuJ0U1+xcuzntvYWmKfKbrQDAISC2 CTU1NkN3/RLOaswOQKO08g9gr30zglhp0jztOYp9jv/s8V+ULF1Q7uymrnvGDzK4 9dlk8VHaXKbmgRX6L9GSr1IhX+0KzUJ8dqo+7PsLCrhcSnlmRQyOFSYU3SJcqyqM nyky1lmdD/3Gc41Ee10/yHXR9F/yZKPlZpI2R12+9K3a8s1+je/Jtruoqw7D1aUb ofNz5PiQBrGc+U+zIuAEiCekUONNrZ9palWZs2EiIZbtvxmhz9CKww== =3zDm -----END PGP SIGNATURE-----