Published:
December 31 2010, 05:21 PM
|
no comments
by
Ken Williams
Today, we published a security notice to address a vulnerability in CA ARCserve D2D r15. The security notice includes an informational solution for a high risk vulnerability that was publicly disclosed on 2010-12-30 by rgod. Although the informational solution fully mitigates the vulnerability, we do still plan to release a patch soon as a more automated and permanent solution. The individual who discovered and disclosed the vulnerability, rgod, has posted exploit code with his security notice. CA was not contacted before the public disclosure. We have not received any reports of active exploitation, but we do expect to see vulnerability scanning and exploitation activity.
The security notice for this vulnerability is published on the CA Support web site:
CA20101231-01: Security Notice for CA ARCserve D2D
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={26223DAB-1FA0-4EF9-864E-6CE3278FE503}
Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22@ca.com
The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA.
By: Ken Williams
Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst...
Read More..