Bugtraq mailing list archives
Re: ARCserve 6.61 Share Access Vulnerability
From: ron <rdr () steelrat kernelsutra com>
Date: Mon, 17 Sep 2001 15:14:58 -0400
Yes, I just took a look at the newsletter. I had informed them on Sept. 7 and they were relatively quick with a patch -- for ARCServe 2000. So from reading the responses, I would say if you're running anything prior to ARCServe 2000 _and_ you have the vulnerability, the best course of action is to change the share permissions. Not sure why the share is there. It may be for a Network Agent of some sort. Best to ask CA. -rdr From: "Marcus Bednorz" <m.be () oevermann de> To: <bugtraq () securityfocus com> Sent: Monday, September 17, 2001 4:09 AM Subject: AW: ARCserve 6.61 Share Access Vulnerability Hi, the problem also applys to ArcServe 2000. This securityleak was announced by CA in the Storage-Newsletter september-edition. There is a patch for ArcServe 2000 with SP2a available from http://support.ca.com/Download/patches/asitnt/QO00945.html Couldn't find anything for ArcServe 6.61IT. Does anybody know why this share is needed? What's with removing the share? Can the mentioned permissions be used? Marcus Bednorz
Current thread:
- ARCserve 6.61 Share Access Vulnerability ron (Sep 16)
- RE: ARCserve 6.61 Share Access Vulnerability Paulo Filipe Mira (Sep 17)
- <Possible follow-ups>
- RE: ARCserve 6.61 Share Access Vulnerability David Sexton (Sep 17)
- Re: ARCserve 6.61 Share Access Vulnerability ron (Sep 17)