CA20110809-01: Security Notice for CA ARCserve D2D

On August 9, 2011, we published a security notice and fix to address a high-risk vulnerability in ARCserve D2D r15. The vulnerability, CVE-2011-3011, is due to improper session handling. A remote attacker can potentially access credentials and execute arbitrary commands. Vulnerability and exploit details were originally disclosed on BugTraq on July 26, 2011, and CA was not contacted prior to the public disclosure. We are not aware of any active exploitation at this time, but we do anticipate activity because of the public disclosure of exploit details.

CA20110809-01: Security Notice for CA ARCserve D2D

Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations


The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA.



Ken Williams

Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst & Young, and founder of Packet Storm Security.
