On August 9, 2011, we published a security notice and fix to address a high risk vulnerability in ARCserve D2D r15. The vulnerability, CVE-2011-3011, is due to improper session handling. A remote attacker can potentially access credentials and execute arbitrary commands. Vulnerability and exploit details were originally disclosed on BugTraq on July 26, 2011, and CA was not contacted prior to the public disclosure. We are not aware of any active exploitation at this time, but we do anticipate activity because of the public disclosure of exploit details.
CA20110809-01: Security Notice for CA ARCserve D2D
Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations
The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA.