Yes, I just took a look at the newsletter. I had informed them on Sept. 7 and they were relatively quick with a patch -- for ARCServe 2000. So from reading the responses, I would say if you're running anything prior to ARCServe 2000 _and_ you have the vulnerability, the best course of action is to change the share permissions. Not sure why the share is there. It may be for a Network Agent of some sort. Best to ask CA. -rdr From: "Marcus Bednorz" <m.beat_private> To: <bugtraqat_private> Sent: Monday, September 17, 2001 4:09 AM Subject: AW: ARCserve 6.61 Share Access Vulnerability Hi, the problem also applys to ArcServe 2000. This securityleak was announced by CA in the Storage-Newsletter september-edition. There is a patch for ArcServe 2000 with SP2a available from http://support.ca.com/Download/patches/asitnt/QO00945.html Couldn't find anything for ArcServe 6.61IT. Does anybody know why this share is needed? What's with removing the share? Can the mentioned permissions be used? Marcus Bednorz
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 12:35:31 PDT