CA XOsoft (ARCServe HA) Remotely Exploitable Vuln Fixed

CA has released a fix for a remotely exploitable vulnerability (CVE-2010-3984) in their XOsoft (ARCServe High Availability) software. The bug is fixed in CA ARCserve Replication and High Availability r15.2.

From the references link below, the following versions are affected:
CA XOsoft Replication r12.0 SP1
CA XOsoft High Availability r12.0 SP1
CA XOsoft Content Distribution r12.0 SP1
CA XOsoft Replication r12.5 SP2 rollup
CA XOsoft High Availability r12.5 SP2 rollup
CA XOsoft Content Distribution r12.5 SP2 rollup
CA ARCserve Replication and High Availability r15.0 SP1

UPDATE 11 Jan 2011 – A commercial exploit is now available from VUPEN Security.

References:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d
http://www.vupen.com/english/advisories/2010/3167

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Share

Leave a Reply