CA XOsoft (ARCServe HA) Remotely Exploitable Vuln Fixed
CA has released a fix for a remotely exploitable vulnerability (CVE-2010-3984) in their XOsoft (ARCServe High Availability) software. The bug is fixed in CA ARCserve Replication and High Availability r15.2.
From the references link below, the following versions are affected:
CA XOsoft Replication r12.0 SP1
CA XOsoft High Availability r12.0 SP1
CA XOsoft Content Distribution r12.0 SP1
CA XOsoft Replication r12.5 SP2 rollup
CA XOsoft High Availability r12.5 SP2 rollup
CA XOsoft Content Distribution r12.5 SP2 rollup
CA ARCserve Replication and High Availability r15.0 SP1
UPDATE 11 Jan 2011 – A commercial exploit is now available from VUPEN Security.