Skip to main content

Hitachi
Contact UsContact Us

Vulnerability in CA ARCserve Replication

Update: July 30, 2010

On April 6, 2010, CA support released the "CA20100406-01: Security Notice for CA XOsoft (Display new window)" concerning vulnerabilities in CA ARCserve Replication r12.5. Malicious remote users can exploit these vulnerabilities and execute arbitrary code.

Vulnerability ID

HS10-012

Vulnerability description

The following vulnerabilities were found in CA ARCserve Replication r12.5:

  • Malicious remote users can enumerate user names.
  • Malicious remote users can acquire potentially sensitive information.
  • An attack by a malicious remote user can execute arbitrary code or make a request that might result in a service crash.

Affected products and versions are listed below. Please visit the Broadcom Web site below, and then apply the patched modules.
https://support.broadcom.com/external/content/security-advisories/CA20100406-01-Security-Notice-for-CA-XOsoft/1804 (Display new window)

Affected products

The information is organized under the following headings:

(Example)
Product name: Gives the name of the affected product.

Version:

Platform
Gives the affected version.

- CA ARCserve Replication r12.5 series

Product name: CA ARCserve Replication r12.5 for Windows Standard OS for File Server

Version(s):

Windows
12-50

Countermeasures

The information is organized under the following headings:

(Example)
Product name: Gives the name of the fixed product.

Fixed module:

Platform
Gives the fixed version, and release date.

Scheduled version(s):

  • Fixed module information

Product name: CA ARCserve Replication r12.5 series

Fixed module(*1)(*2):

  • Upgrade to r12.5 SP2(*3), and then apply RO14207(SP2 Rollup)(*3) and RO17180, in that order.
*1
These fixed modules are provided on the CA website (in Japanese).
*2
Before applying the fixed module, prerequisite patches must be applied.
*3
For details about upgrading to r12.5 SP2 and applying RO14207, see "CA ARCserve Replication r12.5 for Windows - Download information (in Japanese)"

Revision history

July 30, 2010
This page is released.
  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.