CA20120320-01: Security Notice for CA ARCserve Backup
24 May 2019
Issued: March 20, 2012
Updated: March 27, 2012
The vulnerability, CVE-2012-1662, occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.
Risk Rating
Medium
Platform
Windows
Affected Products
CA ARCserve Backup for Windows r12.0, r12.0 SP1, r12.0 SP2
CA ARCserve Backup for Windows r12.5, r12.5 SP1
CA ARCserve Backup for Windows r15, r15 SP1
CA ARCserve Backup for Windows r16
Non-Affected Products
CA ARCserve Backup for Windows r12.5 SP2
CA ARCserve Backup for Windows r16 SP1
How to determine if the installation is affected
CA ARCserve Backup for Windows r12.5:
Run the ARCserve Backup Manager. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Backup->Manager. Click Help->About CA ARCserve Backup. This screen will indicate the service pack level. If the displayed service pack level is prior to SP2, the installation is vulnerable.
CA ARCserve Backup for Windows r12.0, r15:
- Run the ARCserve Patch Management utility. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Patch Management->Patch Status.
- The main patch status screen will indicate whether the patch listed in the table below is applied. If the patch is not applied, the installation is vulnerable.
| Product | Patch |
| --- | --- |
| CA ARCserve Backup for Windows r12.0 | T146564 |
| CA ARCserve Backup for Windows r15 | RO42050 |
For more information on the ARCserve Patch Management utility, read document TEC446265.
CA ARCserve Backup for Windows r16.0:
Run the ARCserve Backup Manager. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Backup->Manager. Click Help->About CA ARCserve Backup. This screen will indicate the service pack level. If the displayed service pack level is prior to SP1, the installation is vulnerable.
Solution
CA ARCserve Backup for Windows r12.0:
A fix is available by request from CA Technologies Support. When creating the support ticket, please refer to patch T146564. Alternatively, an upgrade is available for customers. See CA ARCserve Backup r12 End of Service Announcement for more information.
CA ARCserve Backup for Windows r12.5:
Update to r12.5 service pack 2 with RO35881.
CA ARCserve Backup for Windows r15:
Install RO42050.
CA ARCserve Backup for Windows r16:
Update to r16 service pack 1 with RO35289.
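The checks under "How to determine if the installation is affected" and the fixes under "Solution" can be applied to a whole inventory of backup servers at once. The following Python is an added example, not CA Technologies code: the version-string format, host names and inventory records are constructed, and a release the advisory does not list is reported as unknown rather than as safe.

```python
import re

# Rules transcribed from the advisory. Keys are normalised releases.
# "fixed_sp": first service pack that is not affected.
# "patch": fix whose presence the ARCserve Patch Management utility reports.
RULES = {
    "r12.0": {"patch": "T146564",
              "fix": "Request patch T146564 from CA Technologies Support, or upgrade"},
    "r12.5": {"fixed_sp": 2, "fix": "Update to r12.5 service pack 2 with RO35881"},
    "r15.0": {"patch": "RO42050", "fix": "Install RO42050"},
    "r16.0": {"fixed_sp": 1, "fix": "Update to r16 service pack 1 with RO35289"},
}

_VERSION = re.compile(r"r(\d+)(?:\.(\d+))?(?:\s+SP(\d+))?", re.IGNORECASE)


def parse_version(text):
    """'r12.5 SP1' -> ('r12.5', 1); 'r16' -> ('r16.0', 0)."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return f"r{m.group(1)}.{m.group(2) or 0}", int(m.group(3) or 0)


def assess(version, patches=()):
    """Return (status, action) for one host, following the advisory's checks."""
    release, sp = parse_version(version)
    rule = RULES.get(release)
    if rule is None:
        # The advisory does not list this release, so make no claim either way.
        return "unknown", "Release not covered by CA20120320-01"
    if "fixed_sp" in rule:
        fixed = sp >= rule["fixed_sp"]
    else:
        # For r12.0 and r15 the advisory's check is the patch, whatever the SP.
        fixed = rule["patch"].lower() in {p.lower() for p in patches}
    return ("not affected", None) if fixed else ("affected", rule["fix"])


# Constructed inventory: (host, version from Help->About, applied patches).
INVENTORY = [
    ("bkp-01", "r12.5 SP1", []),
    ("bkp-02", "r15 SP1", ["RO42050"]),
    ("bkp-03", "r16", []),
    ("bkp-04", "r12.0 SP2", []),
]

if __name__ == "__main__":
    for host, version, patches in INVENTORY:
        print(host, version, *assess(version, patches), sep=" | ")
```
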
References
CVE-2012-1662 - ARCserve Backup denial of service
Change History
Version 1.0: Initial Release
Version 1.1: Added r12.0 T146564 patch to solution section
If additional information is required, please contact CA Technologies Support at https://support.ca.com/.
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.