http://community.ca.com/blogs/casecurityresponseblog/default.aspxenCommunityServer 2007 SP1 (Build: 20510.895)http://www.ca.comhttp://www.ca.com/images/global/logo_172900.gifCaSecurityResponseBloghttp://feedburner.google.comhttp://feeds.ca.com/~r/CaSecurityResponseBlog/~3/euFwHqizZ94/ca20120320-01-security-notice-for-ca-arcserve-backup.aspxTue, 20 Mar 2012 20:49:00 GMT8d07cc69-a460-48f1-844d-25b05ba87317:8752Kevin Kotas0http://community.ca.com/blogs/casecurityresponseblog/archive/2012/03/20/ca20120320-01-security-notice-for-ca-arcserve-backup.aspx#commentsVulnerabilityCVE-2012-1662Today I published a new security notice, CA20120320-01, for ARCserve Backup. The notice addresses a medium risk remotely exploitable denial of serivce vulnerability. There are no reports of exploitation in the wild at the time of this post. See below for more information. CA20120320-01: Security Notice for CA ARCserve...<br/> <br/> &nbsp;<img src="http://feeds.feedburner.com/~r/CaSecurityResponseBlog/~4/euFwHqizZ94" height="1" width="1"/>http://community.ca.com/blogs/casecurityresponseblog/archive/2012/03/20/ca20120320-01-security-notice-for-ca-arcserve-backup.aspxhttp://feeds.ca.com/~r/CaSecurityResponseBlog/~3/iRqpCTfDMvY/ca20111208-01-security-notice-for-ca-siteminder.aspxFri, 09 Dec 2011 12:33:00 GMT8d07cc69-a460-48f1-844d-25b05ba87317:8202Ken Williams3http://community.ca.com/blogs/casecurityresponseblog/archive/2011/12/09/ca20111208-01-security-notice-for-ca-siteminder.aspx#commentsVulnerabilitySiteMinderCVE-2011-4054CERTToday we published a security notice and fixes to address a medium risk, publicly known vulnerability in CA SiteMinder. The vulnerability, CVE-2011-4054, occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser. Vulnerability details were first...<br/> <br/> &nbsp;<img src="http://feeds.feedburner.com/~r/CaSecurityResponseBlog/~4/iRqpCTfDMvY" height="1" width="1"/>http://community.ca.com/blogs/casecurityresponseblog/archive/2011/12/09/ca20111208-01-security-notice-for-ca-siteminder.aspxhttp://feeds.ca.com/~r/CaSecurityResponseBlog/~3/1dYWxWpcY6Q/ca20111116-01-security-notice-for-ca-directory.aspxWed, 16 Nov 2011 22:41:00 GMT8d07cc69-a460-48f1-844d-25b05ba87317:8124Kevin Kotas0http://community.ca.com/blogs/casecurityresponseblog/archive/2011/11/16/ca20111116-01-security-notice-for-ca-directory.aspx#commentsVulnerabilityCVE-2011-3849DirectoryEEMToday, I published a new security notice for CA Directory. The notice addresses a high risk denial of service vulnerability dealing with specially malformed SNMP packets, which was reported to us by nabCERT, National Australia Bank. At this time, we are not aware of any active exploitation. See below for details. CA20111116-01: Security Notice for CA...<br/> <br/> &nbsp;<img src="http://feeds.feedburner.com/~r/CaSecurityResponseBlog/~4/1dYWxWpcY6Q" height="1" width="1"/>http://community.ca.com/blogs/casecurityresponseblog/archive/2011/11/16/ca20111116-01-security-notice-for-ca-directory.aspxhttp://feeds.ca.com/~r/CaSecurityResponseBlog/~3/yH6htYqrnxA/ca20110809-01-security-notice-for-ca-arcserve-d2d.aspxFri, 12 Aug 2011 20:25:00 GMT8d07cc69-a460-48f1-844d-25b05ba87317:7709Ken Williams0http://community.ca.com/blogs/casecurityresponseblog/archive/2011/08/12/ca20110809-01-security-notice-for-ca-arcserve-d2d.aspx#commentsVulnerabilityARCserve BackupexploitrgodD2DARCserveCVE-2011-3011On August 9, 2011, we published a security notice and fix to address a high risk vulnerability in ARCserve D2D r15.&nbsp; The vulnerability, CVE-2011-3011, is due to improper session handling. A remote attacker can potentially access credentials and execute arbitrary commands.&nbsp; Vulnerability and exploit details were originally disclosed on BugTraq on July 26, 2011, and CA was not contacted...<br/> <br/> &nbsp;<img src="http://feeds.feedburner.com/~r/CaSecurityResponseBlog/~4/yH6htYqrnxA" height="1" width="1"/>http://community.ca.com/blogs/casecurityresponseblog/archive/2011/08/12/ca20110809-01-security-notice-for-ca-arcserve-d2d.aspxhttp://feeds.ca.com/~r/CaSecurityResponseBlog/~3/hC1hM7G6aMU/arcserve-d2d-public-disclosure-of-vulnerability-and-exploit-details.aspxTue, 26 Jul 2011 18:30:00 GMT8d07cc69-a460-48f1-844d-25b05ba87317:7560Ken Williams0http://community.ca.com/blogs/casecurityresponseblog/archive/2011/07/26/arcserve-d2d-public-disclosure-of-vulnerability-and-exploit-details.aspx#commentsVulnerabilityexploitrgodD2DARCserveCA Technologies is aware of ARCserve D2D vulnerability and exploit details that were posted to BugTraq on 2011-07-26.&nbsp; We&#39;re currently reviewing the information and will post an update after we have completed our initial investigation. Thanks and regards, Ken Williams, Director CA Technologies Product Vulnerability Response Team CA Technologies Business Unit Operations wilja22@ca.com...<br/> <br/> &nbsp;<img src="http://feeds.feedburner.com/~r/CaSecurityResponseBlog/~4/hC1hM7G6aMU" height="1" width="1"/>http://community.ca.com/blogs/casecurityresponseblog/archive/2011/07/26/arcserve-d2d-public-disclosure-of-vulnerability-and-exploit-details.aspx