Re: ARCserve 6.61 Share Access Vulnerability

From: ron (rdrat_private)
Date: Mon Sep 17 2001 - 12:14:58 PDT

Next message: jjoreat_private: "Lotus Notes: File attachments may be extracted regardless of document security"

Previous message: Scott Schwartz: "Problems in Forte Developer 6 dbx and install docs"
Maybe in reply to: ron: "ARCserve 6.61 Share Access Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, I just took a look at the newsletter.  I had informed them on Sept. 7 and they were relatively quick with a patch
-- for ARCServe 2000. 

So from reading the responses, I would say if you're running anything prior to ARCServe 2000 _and_ you have the vulnerability,
the best course of action is to change the share permissions.

Not sure why the share is there.  It may be for a Network Agent of some sort.  Best to ask CA.

-rdr



From: "Marcus Bednorz" <m.beat_private>
To: <bugtraqat_private>
Sent: Monday, September 17, 2001 4:09 AM
Subject: AW: ARCserve 6.61 Share Access Vulnerability


Hi, 

the problem also applys to ArcServe 2000. This securityleak was announced by
CA in the Storage-Newsletter september-edition. There is a patch for
ArcServe 2000 with SP2a available from
http://support.ca.com/Download/patches/asitnt/QO00945.html Couldn't find
anything for ArcServe 6.61IT.

Does anybody know why this share is needed? What's with removing the share?
Can the mentioned permissions be used?                

Marcus Bednorz

Next message: jjoreat_private: "Lotus Notes: File attachments may be extracted regardless of document security"
Previous message: Scott Schwartz: "Problems in Forte Developer 6 dbx and install docs"
Maybe in reply to: ron: "ARCserve 6.61 Share Access Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 12:35:31 PDT