Vulnerability Note VU#408099
CA ARCserve Backup authentication service denial-of-service vulnerability
The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a denial-of-service vulnerability. CA ARCserve Backup r16 SP1 was reported to be vulnerable.
The Offensive Security advisory states:
By specifying an invalid field size for the encrypted username or password in a crafted RPC packet, the authentication service performs an invalid pointer dereference while trying to decrypt the character string. Authentication is not required to trigger the vulnerability and successful exploitation of this vulnerability for the caauthd.exe process will lead to a denial of service.
An unauthenticated remote attacker may be able to trigger a denial-of-service condition.
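The root cause described above is a declared field size that is never checked against the bytes actually present in the packet. The following added example (not CA's code, and using a hypothetical length-prefixed layout rather than the real ARCserve wire format) shows the kind of bounds validation that rejects such a packet before any pointer into the field is formed or dereferenced:

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical wire layout, an assumption for this example and NOT the real
 * ARCserve authentication format:
 *   [u32 LE user_len][user_len bytes][u32 LE pass_len][pass_len bytes] */
#define MAX_FIELD_LEN 256u

typedef struct {
    const uint8_t *user; uint32_t user_len;
    const uint8_t *pass; uint32_t pass_len;
} auth_fields;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, -1 if a declared size is not backed by packet bytes.
 * Every check runs before a pointer into the field is produced, so a bogus
 * size can never reach the decryption step as an out-of-bounds pointer. */
int parse_auth_fields(const uint8_t *pkt, size_t pkt_len, auth_fields *out) {
    const uint8_t **ptrs[2] = { &out->user, &out->pass };
    uint32_t *lens[2] = { &out->user_len, &out->pass_len };
    size_t off = 0;
    for (int i = 0; i < 2; i++) {
        if (pkt_len - off < 4) return -1;          /* truncated length field */
        uint32_t declared = read_le32(pkt + off);
        off += 4;
        if (declared == 0 || declared > MAX_FIELD_LEN ||
            declared > pkt_len - off) return -1;   /* size does not fit packet */
        *ptrs[i] = pkt + off;
        *lens[i] = declared;
        off += declared;
    }
    return off == pkt_len ? 0 : -1;                /* reject trailing bytes */
}

/* Constructed sample packets for the example (not captured traffic). */
static const uint8_t demo_ok[] = {
    4,0,0,0, 'u','s','e','r',  3,0,0,0, 'p','w','d' };
static const uint8_t demo_oversize[] = {
    0xff,0xff,0xff,0xff, 'u','s','e','r',  3,0,0,0, 'p','w','d' };
static const uint8_t demo_truncated[] = { 4,0,0,0, 'u','s' };

/* Convenience wrapper: user_len on success, -1 when the packet is rejected. */
int demo_user_len(const uint8_t *pkt, size_t pkt_len) {
    auth_fields f;
    return parse_auth_fields(pkt, pkt_len, &f) == 0 ? (int)f.user_len : -1;
}
```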
Apply a Patch
If you cannot patch for whatever reason, please consider the following workarounds.
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| CA Technologies | Affected | 11 Jul 2012 | 31 Aug 2012 |
Thanks to Matteo Memelli of Offensive Security for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-2972
- Date Public: 31 Aug 2012
- Date First Published: 30 Oct 2012
- Date Last Updated: 30 Oct 2012
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.