CA20100603-01: Security Notice for CA ARCserve Backup

1805

24 May 2019

24 May 2019

OPEN

Issued: June 03, 2010

CA Technologies support is alerting customers to a security risk with CA ARCserve Backup. A vulnerability exists, CVE-2010-2157, that can potentially allow a local attacker to gain sensitive information.

Risk Rating

Medium

Platform

Windows

Affected Products

CA ARCserve Backup r12.5 SP1
CA ARCserve Backup r12.0 SP2
CA ARCserve Backup r11.5 SP4

Non-Affected Products

CA ARCserve Backup r15.0

How to determine if the installation is affected

CA ARCserve Backup r12.5, r12.0, r11.5 Windows:

  • Run the ARCserve Patch Management utility. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Patch Management->Patch Status.

  • The main patch status screen will indicate if the patches in the below table are applied. If the patches are not applied, then the installation is vulnerable.
Product Patch
CA ARCserve Backup r12.5 Windows RO17300
CA ARCserve Backup r12.0 Windows RO17301 and RO17302
CA ARCserve Backup r11.5 Windows RO17303 and RO17306


For more information on the ARCserve Patch Management utility, read document TEC446265.

Solution

CA ARCserve Backup r12.5:

RO17300

CA ARCserve Backup 12.0:

RO17302
RO17301

CA ARCserve Backup 11.5:

RO17306
RO17303

Workaround

None

References

CVE-2010-2157 - ARCserve Backup information disclosure

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Support at https://support.ca.com/.

If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Product Vulnerability Response Team.